Vulnerability CVE-2015-3939
Published: 2015-05-31

Description:
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file.

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
IDS -> Nc854 
IDS -> Nc856 

 References:
http://www.securityfocus.com/bid/74900
https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01
Copyright 2024, cxsecurity.com

 

Back to Top