Details of VAR-201509-0220

ID

VAR-201509-0220

CVE

CVE-2015-6470

TITLE

Resource Data Management Data Manager Vulnerable to arbitrary password changes

Trust: 0.8

sources: JVNDB: JVNDB-2015-004959

DESCRIPTION

Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors. Resource Data Management is a web-based SCADA monitoring system. An attacker could exploit this vulnerability to increase privileges and change the password of any user. Versions prior to Data Manager 2.2 are vulnerable

Trust: 2.61

sources: NVD: CVE-2015-6470 // JVNDB: JVNDB-2015-004959 // CNVD: CNVD-2015-06337 // BID: 76822 // IVD: 727aa840-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 727aa840-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06337

AFFECTED PRODUCTS

vendor:	resource data management data manager	model:	manager	scope:	lte	version:	2.1	Trust: 1.0
vendor:	resource data management	model:	manager	scope:	lt	version:	2.2	Trust: 0.8
vendor:	resource	model:	data management resource data management	scope:	lt	version:	2.2	Trust: 0.6
vendor:	resource data management data manager	model:	manager	scope:	eq	version:	2.1	Trust: 0.6
vendor:	resource	model:	data management data manager	scope:	eq	version:	2.1	Trust: 0.3
vendor:	resource	model:	data management data manager	scope:	eq	version:	2.0	Trust: 0.3
vendor:	resource	model:	data management data manager	scope:	ne	version:	2.2	Trust: 0.3
vendor:	data manager	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 727aa840-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06337 // BID: 76822 // JVNDB: JVNDB-2015-004959 // CNNVD: CNNVD-201509-538 // NVD: CVE-2015-6470

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6470
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6470
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06337
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201509-538
value:	MEDIUM
Trust: 0.6
IVD:	727aa840-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2015-6470
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06337
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	727aa840-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 727aa840-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06337 // JVNDB: JVNDB-2015-004959 // CNNVD: CNNVD-201509-538 // NVD: CVE-2015-6470

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-6470

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-538

TYPE

Unknown

Trust: 0.3

sources: BID: 76822

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004959

PATCH

title:	Resource Data Management	url:	https://www.resourcedm.com/en-us/Support/Download-Software	Trust: 0.8
title:	Patch for Resource Data Management Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/64796	Trust: 0.6
title:	Resource Data Management Data Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57795	Trust: 0.6

sources: CNVD: CNVD-2015-06337 // JVNDB: JVNDB-2015-004959 // CNNVD: CNNVD-201509-538

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6470	Trust: 3.5
db:	ICS CERT	id:	ICSA-15-265-01	Trust: 2.7
db:	CNVD	id:	CNVD-2015-06337	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-538	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004959	Trust: 0.8
db:	BID	id:	76822	Trust: 0.3
db:	IVD	id:	727AA840-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 727aa840-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06337 // BID: 76822 // JVNDB: JVNDB-2015-004959 // CNNVD: CNNVD-201509-538 // NVD: CVE-2015-6470

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-265-01	Trust: 2.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6470	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6470	Trust: 0.8
url:	https://www.resourcedm.com/en-us/support/download-software	Trust: 0.3

sources: CNVD: CNVD-2015-06337 // BID: 76822 // JVNDB: JVNDB-2015-004959 // CNNVD: CNNVD-201509-538 // NVD: CVE-2015-6470

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 76822

SOURCES

db:	IVD	id:	727aa840-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-06337
db:	BID	id:	76822
db:	JVNDB	id:	JVNDB-2015-004959
db:	CNNVD	id:	CNNVD-201509-538
db:	NVD	id:	CVE-2015-6470

LAST UPDATE DATE

2025-04-12T23:13:01.182000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-06337	date:	2015-10-09T00:00:00
db:	BID	id:	76822	date:	2015-09-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-004959	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-538	date:	2015-09-28T00:00:00
db:	NVD	id:	CVE-2015-6470	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	727aa840-2351-11e6-abef-000c29c66e3d	date:	2015-10-09T00:00:00
db:	CNVD	id:	CNVD-2015-06337	date:	2015-10-09T00:00:00
db:	BID	id:	76822	date:	2015-09-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-004959	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-538	date:	2015-09-28T00:00:00
db:	NVD	id:	CVE-2015-6470	date:	2015-09-26T01:59:15.390