Sign-up

ID

VAR-201506-0356


CVE

CVE-2015-3951


TITLE

RLE Nova-Wind Turbine HMI Vulnerabilities that capture important information on devices

Trust: 0.8

sources: JVNDB: JVNDB-2015-003089

DESCRIPTION

RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. RLE Nova-Wind Turbine HMI Since the device stores clear text authentication information, there is a vulnerability in which important information can be obtained.Important information may be obtained by a third party. The Nova-Wind Turbine HMI is the human-machine interface for wind turbines. Attackers can exploit this issue to gain access to the sensitive information. Successful exploit results in a complete compromise of the affected system

Trust: 2.7

sources: NVD: CVE-2015-3951 // JVNDB: JVNDB-2015-003089 // CNVD: CNVD-2015-03884 // BID: 75163 // IVD: 8b4ff78a-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-81912

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 8b4ff78a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03884

AFFECTED PRODUCTS

vendor:rlemodel:nova-wind turbine hmiscope: - version: -

Trust: 2.8

vendor:rlemodel:nova-wind turbine hmiscope:eqversion:*

Trust: 1.0

vendor:nova wind turbine hmimodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 8b4ff78a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03884 // JVNDB: JVNDB-2015-003089 // CNNVD: CNNVD-201506-263 // NVD: CVE-2015-3951

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3951
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3951
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03884
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201506-263
value: MEDIUM

Trust: 0.6

IVD: 8b4ff78a-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-81912
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3951
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03884
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 8b4ff78a-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-81912
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 8b4ff78a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03884 // VULHUB: VHN-81912 // JVNDB: JVNDB-2015-003089 // CNNVD: CNNVD-201506-263 // NVD: CVE-2015-3951

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-81912 // JVNDB: JVNDB-2015-003089 // NVD: CVE-2015-3951

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-263

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-263

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003089

PATCH
title:Top Pageurl:http://www.rle.international/
Trust: 0.8
title:RLE Nova-Wind Turbine HMI Unsecured Credential Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/59745
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-03884 // 
            
            
            
            JVNDB: JVNDB-2015-003089

EXTERNAL IDS
db:NVDid:CVE-2015-3951
Trust: 3.6
db:ICS CERTid:ICSA-15-162-01
Trust: 3.1
db:BIDid:75163
Trust: 2.0
db:CNNVDid:CNNVD-201506-263
Trust: 0.9
db:CNVDid:CNVD-2015-03884
Trust: 0.8
db:JVNDBid:JVNDB-2015-003089
Trust: 0.8
db:IVDid:8B4FF78A-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-81912
Trust: 0.1
sources:
            
            
            IVD: 8b4ff78a-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-03884 // 
            
            
            
            VULHUB: VHN-81912 // 
            
            
            
            BID: 75163 // 
            
            
            
            JVNDB: JVNDB-2015-003089 // 
            
            
            
            CNNVD: CNNVD-201506-263 // 
            
            
            
            NVD: CVE-2015-3951

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-162-01
Trust: 3.1
url:http://www.securityfocus.com/bid/75163
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3951
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3951
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2015-03884 // 
            
            
            
            VULHUB: VHN-81912 // 
            
            
            
            JVNDB: JVNDB-2015-003089 // 
            
            
            
            CNNVD: CNNVD-201506-263 // 
            
            
            
            NVD: CVE-2015-3951

CREDITS
Maxim Rupp
Trust: 0.3
sources:
            
            
            BID: 75163

SOURCES
db:IVDid:8b4ff78a-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-03884
db:VULHUBid:VHN-81912
db:BIDid:75163
db:JVNDBid:JVNDB-2015-003089
db:CNNVDid:CNNVD-201506-263
db:NVDid:CVE-2015-3951

LAST UPDATE DATE
2025-04-13T23:27:32.661000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-03884date:2015-06-19T00:00:00
db:VULHUBid:VHN-81912date:2016-11-28T00:00:00
db:BIDid:75163date:2015-07-15T00:32:00
db:JVNDBid:JVNDB-2015-003089date:2015-06-16T00:00:00
db:CNNVDid:CNNVD-201506-263date:2015-06-18T00:00:00
db:NVDid:CVE-2015-3951date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:8b4ff78a-2351-11e6-abef-000c29c66e3ddate:2015-06-19T00:00:00
db:CNVDid:CNVD-2015-03884date:2015-06-19T00:00:00
db:VULHUBid:VHN-81912date:2015-06-13T00:00:00
db:BIDid:75163date:2015-06-12T00:00:00
db:JVNDBid:JVNDB-2015-003089date:2015-06-16T00:00:00
db:CNNVDid:CNNVD-201506-263date:2015-06-15T00:00:00
db:NVDid:CVE-2015-3951date:2015-06-13T18:59:02.123