ID

VAR-201509-0219


CVE

CVE-2015-6469


TITLE

IBC Solar ServeMaster Source code vulnerability

Trust: 0.8

sources: IVD: 727958c8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06341

DESCRIPTION

The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors. ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. Multiple IBC Solar Products are prone to multiple cross-site-scripting and information-disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Trust: 2.61

sources: NVD: CVE-2015-6469 // JVNDB: JVNDB-2015-004975 // CNVD: CNVD-2015-06341 // BID: 76825 // IVD: 727958c8-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 727958c8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06341

AFFECTED PRODUCTS

vendor: ibc solar, model: danfoss tlx pro+, scope: eq, version: -

Trust: 1.6

vendor: ibc solar, model: servemaster tlp+, scope: eq, version: -

Trust: 1.6

vendor: danfoss, model: tlx pro+, scope: -, version: -

Trust: 0.8

vendor: ibc solar, model: servemaster tlp+, scope: -, version: -

Trust: 0.8

vendor: ibc, model: solar servemaster tlp+, scope: -, version: -

Trust: 0.6

vendor: ibc, model: solar danfoss tlx pro+, scope: -, version: -

Trust: 0.6

vendor: ibc, model: solar servemaster tlp+, scope: eq, version: 0

Trust: 0.3

vendor: ibc, model: solar danfoss tlx pro+, scope: eq, version: 0

Trust: 0.3

vendor: danfoss tlx pro, model: -, scope: eq, version: -

Trust: 0.2

vendor: servemaster tlp, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 727958c8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06341 // BID: 76825 // JVNDB: JVNDB-2015-004975 // CNNVD: CNNVD-201509-539 // NVD: CVE-2015-6469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6469
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6469
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06341
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201509-539
value: MEDIUM

Trust: 0.6

IVD: 727958c8-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2015-6469
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06341
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 727958c8-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 727958c8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06341 // JVNDB: JVNDB-2015-004975 // CNNVD: CNNVD-201509-539 // NVD: CVE-2015-6469

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2015-004975 // NVD: CVE-2015-6469

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-539

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-539

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004975

PATCH

title: Top Page, url: http://www.danfoss.com/Home/

Trust: 0.8

title: Top Page, url: https://www.ibc-solar.com/

Trust: 0.8

title: Top Page, url: https://www.ibc-solar.jp/

Trust: 0.8

title: IBC Solar ServeMaster source code patch, url: https://www.cnvd.org.cn/patchInfo/show/64792

Trust: 0.6

sources: CNVD: CNVD-2015-06341 // JVNDB: JVNDB-2015-004975

EXTERNAL IDS

db: NVD, id: CVE-2015-6469

Trust: 3.5

db: ICS CERT, id: ICSA-15-265-02

Trust: 2.7

db: CNVD, id: CNVD-2015-06341

Trust: 0.8

db: CNNVD, id: CNNVD-201509-539

Trust: 0.8

db: JVNDB, id: JVNDB-2015-004975

Trust: 0.8

db: BID, id: 76825

Trust: 0.3

db: IVD, id: 727958C8-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 727958c8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06341 // BID: 76825 // JVNDB: JVNDB-2015-004975 // CNNVD: CNNVD-201509-539 // NVD: CVE-2015-6469

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-265-02

Trust: 2.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6469

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6469

Trust: 0.8

url:https://www.ibc-solar.com/

Trust: 0.3

sources: CNVD: CNVD-2015-06341 // BID: 76825 // JVNDB: JVNDB-2015-004975 // CNNVD: CNNVD-201509-539 // NVD: CVE-2015-6469

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 76825

SOURCES

db: IVD, id: 727958c8-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-06341
db: BID, id: 76825
db: JVNDB, id: JVNDB-2015-004975
db: CNNVD, id: CNNVD-201509-539
db: NVD, id: CVE-2015-6469

LAST UPDATE DATE

2025-04-13T23:29:32.232000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-06341, date: 2015-10-09T00:00:00
db: BID, id: 76825, date: 2015-09-22T00:00:00
db: JVNDB, id: JVNDB-2015-004975, date: 2015-09-30T00:00:00
db: CNNVD, id: CNNVD-201509-539, date: 2015-09-28T00:00:00
db: NVD, id: CVE-2015-6469, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 727958c8-2351-11e6-abef-000c29c66e3d, date: 2015-10-09T00:00:00
db: CNVD, id: CNVD-2015-06341, date: 2015-10-09T00:00:00
db: BID, id: 76825, date: 2015-09-22T00:00:00
db: JVNDB, id: JVNDB-2015-004975, date: 2015-09-30T00:00:00
db: CNNVD, id: CNNVD-201509-539, date: 2015-09-28T00:00:00
db: NVD, id: CVE-2015-6469, date: 2015-09-26T01:59:14.237