Details of VAR-201504-0078

ID

VAR-201504-0078

CVE

CVE-2015-0992

TITLE

Inductive Automation Ignition Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-002071

DESCRIPTION

Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation

Trust: 2.61

sources: NVD: CVE-2015-0992 // JVNDB: JVNDB-2015-002071 // CNVD: CNVD-2015-02155 // BID: 73469 // IVD: 98e422d6-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 98e422d6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02155

AFFECTED PRODUCTS

vendor:	inductiveautomation	model:	ignition	scope:	eq	version:	7.7.2	Trust: 1.6
vendor:	inductive	model:	automation ignition	scope:	eq	version:	7.7.2	Trust: 0.9
vendor:	inductive automation	model:	ignition	scope:	eq	version:	7.7.2	Trust: 0.8
vendor:	ignition	model:	-	scope:	eq	version:	7.7.2	Trust: 0.2

sources: IVD: 98e422d6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02155 // BID: 73469 // JVNDB: JVNDB-2015-002071 // CNNVD: CNNVD-201504-053 // NVD: CVE-2015-0992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0992
value:	LOW
Trust: 1.0
NVD:	CVE-2015-0992
value:	LOW
Trust: 0.8
CNVD:	CNVD-2015-02155
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201504-053
value:	LOW
Trust: 0.6
IVD:	98e422d6-2351-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2

nvd@nist.gov:	CVE-2015-0992
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02155
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	98e422d6-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 98e422d6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02155 // JVNDB: JVNDB-2015-002071 // CNNVD: CNNVD-201504-053 // NVD: CVE-2015-0992

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2015-002071 // NVD: CVE-2015-0992

THREAT TYPE

local

Trust: 0.9

sources: BID: 73469 // CNNVD: CNNVD-201504-053

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-053

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002071

PATCH

title:	Downloads	url:	https://www.inductiveautomation.com/downloads/ignition	Trust: 0.8
title:	Patch for Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02155)	url:	https://www.cnvd.org.cn/patchInfo/show/56898	Trust: 0.6

sources: CNVD: CNVD-2015-02155 // JVNDB: JVNDB-2015-002071

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0992	Trust: 3.5
db:	ICS CERT	id:	ICSA-15-090-01	Trust: 2.7
db:	CNVD	id:	CNVD-2015-02155	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-053	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002071	Trust: 0.8
db:	BID	id:	73469	Trust: 0.3
db:	IVD	id:	98E422D6-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 98e422d6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02155 // BID: 73469 // JVNDB: JVNDB-2015-002071 // CNNVD: CNNVD-201504-053 // NVD: CVE-2015-0992

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-090-01	Trust: 2.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0992	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0992	Trust: 0.8
url:	https://www.inductiveautomation.com/downloads/ignition	Trust: 0.3

sources: CNVD: CNVD-2015-02155 // BID: 73469 // JVNDB: JVNDB-2015-002071 // CNNVD: CNNVD-201504-053 // NVD: CVE-2015-0992

CREDITS

Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies

Trust: 0.3

sources: BID: 73469

SOURCES

db:	IVD	id:	98e422d6-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-02155
db:	BID	id:	73469
db:	JVNDB	id:	JVNDB-2015-002071
db:	CNNVD	id:	CNNVD-201504-053
db:	NVD	id:	CVE-2015-0992

LAST UPDATE DATE

2025-04-12T23:04:45.197000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02155	date:	2015-04-03T00:00:00
db:	BID	id:	73469	date:	2015-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-002071	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-053	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0992	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	98e422d6-2351-11e6-abef-000c29c66e3d	date:	2015-04-03T00:00:00
db:	CNVD	id:	CNVD-2015-02155	date:	2015-04-03T00:00:00
db:	BID	id:	73469	date:	2015-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-002071	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-053	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0992	date:	2015-04-03T10:59:14.413