Details of VAR-201503-0073

ID

VAR-201503-0073

CVE

CVE-2015-0985

TITLE

XZERES 442SR Wind Turbines Run on XZERES 442SR OS Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-002017

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request

Trust: 1.62

sources: NVD: CVE-2015-0985 // JVNDB: JVNDB-2015-002017

AFFECTED PRODUCTS

vendor:	xzeres	model:	442sr os	scope:	eq	version:	*	Trust: 1.0
vendor:	xzeres	model:	442sr	scope:	eq	version:	*	Trust: 1.0
vendor:	xzeres wind corp	model:	442sr os	scope:	-	version:	-	Trust: 0.8
vendor:	xzeres wind corp	model:	442sr wind turbine	scope:	-	version:	-	Trust: 0.8
vendor:	xzeres	model:	442sr os	scope:	-	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2015-002017 // CNNVD: CNNVD-201503-637 // NVD: CVE-2015-0985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0985
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0985
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201503-637
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2015-0985
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2015-002017 // CNNVD: CNNVD-201503-637 // NVD: CVE-2015-0985

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2015-002017 // NVD: CVE-2015-0985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-637

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201503-637

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002017

PATCH

title:

XZERES 442SR Wind Turbines

url:

http://www.xzeres.co.uk/wind-turbine-products/xzeres442sr-wind-generator/

Trust: 0.8

sources: JVNDB: JVNDB-2015-002017

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-15-076-01	Trust: 2.4
db:	NVD	id:	CVE-2015-0985	Trust: 2.4
db:	JVNDB	id:	JVNDB-2015-002017	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-637	Trust: 0.6

sources: JVNDB: JVNDB-2015-002017 // CNNVD: CNNVD-201503-637 // NVD: CVE-2015-0985

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-076-01	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0985	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0985	Trust: 0.8

sources: JVNDB: JVNDB-2015-002017 // CNNVD: CNNVD-201503-637 // NVD: CVE-2015-0985

SOURCES

db:	JVNDB	id:	JVNDB-2015-002017
db:	CNNVD	id:	CNNVD-201503-637
db:	NVD	id:	CVE-2015-0985

LAST UPDATE DATE

2025-04-12T23:04:51.366000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2015-002017	date:	2016-03-24T00:00:00
db:	CNNVD	id:	CNNVD-201503-637	date:	2015-03-31T00:00:00
db:	NVD	id:	CVE-2015-0985	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2015-002017	date:	2015-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201503-637	date:	2015-03-31T00:00:00
db:	NVD	id:	CVE-2015-0985	date:	2015-03-31T01:59:37.693