Details of VAR-201504-0077

ID

VAR-201504-0077

CVE

CVE-2015-0991

TITLE

Inductive Automation Ignition Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-002070

DESCRIPTION

Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. This may aid in further attacks

Trust: 2.7

sources: NVD: CVE-2015-0991 // JVNDB: JVNDB-2015-002070 // CNVD: CNVD-2015-02154 // BID: 73471 // IVD: 98e009a8-2351-11e6-abef-000c29c66e3d // VULMON: CVE-2015-0991

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 98e009a8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02154

AFFECTED PRODUCTS

vendor:	inductiveautomation	model:	ignition	scope:	eq	version:	7.7.2	Trust: 1.6
vendor:	inductive	model:	automation ignition	scope:	eq	version:	7.7.2	Trust: 0.9
vendor:	inductive automation	model:	ignition	scope:	eq	version:	7.7.2	Trust: 0.8
vendor:	ignition	model:	-	scope:	eq	version:	7.7.2	Trust: 0.2

sources: IVD: 98e009a8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02154 // BID: 73471 // JVNDB: JVNDB-2015-002070 // CNNVD: CNNVD-201504-052 // NVD: CVE-2015-0991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0991
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0991
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-02154
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201504-052
value:	MEDIUM
Trust: 0.6
IVD:	98e009a8-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2015-0991
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0991
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-02154
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	98e009a8-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 98e009a8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02154 // VULMON: CVE-2015-0991 // JVNDB: JVNDB-2015-002070 // CNNVD: CNNVD-201504-052 // NVD: CVE-2015-0991

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2015-002070 // NVD: CVE-2015-0991

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-052

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-052

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002070

PATCH

title:	Downloads	url:	https://www.inductiveautomation.com/downloads/ignition	Trust: 0.8
title:	Patch for Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02154)	url:	https://www.cnvd.org.cn/patchInfo/show/56899	Trust: 0.6

sources: CNVD: CNVD-2015-02154 // JVNDB: JVNDB-2015-002070

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0991	Trust: 3.6
db:	ICS CERT	id:	ICSA-15-090-01	Trust: 3.4
db:	CNVD	id:	CNVD-2015-02154	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-052	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002070	Trust: 0.8
db:	BID	id:	73471	Trust: 0.4
db:	IVD	id:	98E009A8-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULMON	id:	CVE-2015-0991	Trust: 0.1

sources: IVD: 98e009a8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02154 // VULMON: CVE-2015-0991 // BID: 73471 // JVNDB: JVNDB-2015-002070 // CNNVD: CNNVD-201504-052 // NVD: CVE-2015-0991

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-090-01	Trust: 3.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0991	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0991	Trust: 0.8
url:	http://www.inductiveautomation.com/scada-software	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/73471	Trust: 0.1

sources: CNVD: CNVD-2015-02154 // VULMON: CVE-2015-0991 // BID: 73471 // JVNDB: JVNDB-2015-002070 // CNNVD: CNNVD-201504-052 // NVD: CVE-2015-0991

CREDITS

Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai.

Trust: 0.3

sources: BID: 73471

SOURCES

db:	IVD	id:	98e009a8-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-02154
db:	VULMON	id:	CVE-2015-0991
db:	BID	id:	73471
db:	JVNDB	id:	JVNDB-2015-002070
db:	CNNVD	id:	CNNVD-201504-052
db:	NVD	id:	CVE-2015-0991

LAST UPDATE DATE

2025-04-12T23:04:45.233000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02154	date:	2015-04-03T00:00:00
db:	VULMON	id:	CVE-2015-0991	date:	2015-04-03T00:00:00
db:	BID	id:	73471	date:	2015-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-002070	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-052	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0991	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	98e009a8-2351-11e6-abef-000c29c66e3d	date:	2015-04-03T00:00:00
db:	CNVD	id:	CNVD-2015-02154	date:	2015-04-03T00:00:00
db:	VULMON	id:	CVE-2015-0991	date:	2015-04-03T00:00:00
db:	BID	id:	73471	date:	2015-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-002070	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-052	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0991	date:	2015-04-03T10:59:13.317