Details of VAR-201505-0071

ID

VAR-201505-0071

CVE

CVE-2015-1010

TITLE

Rockwell Automation RSView32 Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 8db7a9a0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03559

DESCRIPTION

Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. RSView32 is an HMI system for monitoring automated machines and processes. The security method used by RSView32 to create password storage files has security vulnerabilities. Software users using the old algorithm can cause unauthorized decryption, and the user password will be revealed after successful. Attackers can exploit vulnerabilities to obtain sensitive information. Rockwell Automation RSView32 is prone to a security weakness. The vulnerability is caused by the program not properly encrypting the certificate

Trust: 2.79

sources: NVD: CVE-2015-1010 // JVNDB: JVNDB-2015-002880 // CNVD: CNVD-2015-03559 // BID: 74835 // IVD: 8db7a9a0-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-78970 // VULMON: CVE-2015-1010

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 8db7a9a0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03559

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	rsview32	scope:	lte	version:	7.60.00	Trust: 1.0
vendor:	rockwell automation	model:	rsview32	scope:	lte	version:	7.60.00	Trust: 0.8
vendor:	rockwellautomation	model:	rsview32	scope:	lte	version:	<=7.60.00	Trust: 0.6
vendor:	rockwellautomation	model:	rsview32	scope:	eq	version:	7.60.00	Trust: 0.6
vendor:	rockwell	model:	automation rsview32	scope:	eq	version:	7.60	Trust: 0.3
vendor:	rsview32	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 8db7a9a0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03559 // BID: 74835 // JVNDB: JVNDB-2015-002880 // CNNVD: CNNVD-201505-608 // NVD: CVE-2015-1010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1010
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1010
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03559
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201505-608
value:	MEDIUM
Trust: 0.6
IVD:	8db7a9a0-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-78970
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-1010
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1010
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-03559
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	8db7a9a0-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-78970
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 8db7a9a0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03559 // VULHUB: VHN-78970 // VULMON: CVE-2015-1010 // JVNDB: JVNDB-2015-002880 // CNNVD: CNNVD-201505-608 // NVD: CVE-2015-1010

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-78970 // JVNDB: JVNDB-2015-002880 // NVD: CVE-2015-1010

THREAT TYPE

local

Trust: 0.9

sources: BID: 74835 // CNNVD: CNNVD-201505-608

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201505-608

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002880

PATCH

title:	RSView 32	url:	http://www.rockwellautomation.com/rockwellsoftware/products/rsview32.page	Trust: 0.8
title:	Rockwell Automation RSView32 Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/59262	Trust: 0.6

sources: CNVD: CNVD-2015-03559 // JVNDB: JVNDB-2015-002880

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1010	Trust: 3.7
db:	ICS CERT	id:	ICSA-15-132-02	Trust: 3.5
db:	BID	id:	74835	Trust: 1.1
db:	CNNVD	id:	CNNVD-201505-608	Trust: 0.9
db:	CNVD	id:	CNVD-2015-03559	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002880	Trust: 0.8
db:	IVD	id:	8DB7A9A0-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-78970	Trust: 0.1
db:	VULMON	id:	CVE-2015-1010	Trust: 0.1

sources: IVD: 8db7a9a0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03559 // VULHUB: VHN-78970 // VULMON: CVE-2015-1010 // BID: 74835 // JVNDB: JVNDB-2015-002880 // CNNVD: CNNVD-201505-608 // NVD: CVE-2015-1010

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-132-02	Trust: 3.6
url:	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/700915	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1010	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1010	Trust: 0.8
url:	http://www.rockwellautomation.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/310.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/74835	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036	Trust: 0.1

sources: CNVD: CNVD-2015-03559 // VULHUB: VHN-78970 // VULMON: CVE-2015-1010 // BID: 74835 // JVNDB: JVNDB-2015-002880 // CNNVD: CNNVD-201505-608 // NVD: CVE-2015-1010

CREDITS

Vladimir Dashchenko and Dmitry Dementjev of the Ural Security System Center (USSC)

Trust: 0.3

sources: BID: 74835

SOURCES

db:	IVD	id:	8db7a9a0-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-03559
db:	VULHUB	id:	VHN-78970
db:	VULMON	id:	CVE-2015-1010
db:	BID	id:	74835
db:	JVNDB	id:	JVNDB-2015-002880
db:	CNNVD	id:	CNNVD-201505-608
db:	NVD	id:	CVE-2015-1010

LAST UPDATE DATE

2025-04-13T23:35:11.851000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03559	date:	2015-06-04T00:00:00
db:	VULHUB	id:	VHN-78970	date:	2015-06-02T00:00:00
db:	VULMON	id:	CVE-2015-1010	date:	2015-06-02T00:00:00
db:	BID	id:	74835	date:	2015-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-002880	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-608	date:	2015-06-05T00:00:00
db:	NVD	id:	CVE-2015-1010	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	8db7a9a0-2351-11e6-abef-000c29c66e3d	date:	2015-06-04T00:00:00
db:	CNVD	id:	CNVD-2015-03559	date:	2015-06-04T00:00:00
db:	VULHUB	id:	VHN-78970	date:	2015-05-31T00:00:00
db:	VULMON	id:	CVE-2015-1010	date:	2015-05-31T00:00:00
db:	BID	id:	74835	date:	2015-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-002880	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-608	date:	2015-05-31T00:00:00
db:	NVD	id:	CVE-2015-1010	date:	2015-05-31T17:59:00.077