ID

VAR-201509-0221


CVE

CVE-2015-6474


TITLE

IBC Solar ServeMaster Plain text password vulnerability

Trust: 0.8

sources: IVD: 727c08b6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06340

DESCRIPTION

IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code. ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. The attacker can use this vulnerability to obtain plain text passwords by viewing the source code of the web page. Multiple IBC Solar products are prone to multiple cross-site scripting and information-disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Trust: 2.61

sources: NVD: CVE-2015-6474 // JVNDB: JVNDB-2015-004976 // CNVD: CNVD-2015-06340 // BID: 76825 // IVD: 727c08b6-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 727c08b6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06340

AFFECTED PRODUCTS

vendor: ibc solar, model: danfoss tlx pro+, scope: eq, version: -

Trust: 1.6

vendor: ibc solar, model: servemaster tlp+, scope: eq, version: -

Trust: 1.6

vendor: danfoss, model: tlx pro+, scope: -, version: -

Trust: 0.8

vendor: ibc solar, model: servemaster tlp+, scope: -, version: -

Trust: 0.8

vendor: ibc, model: solar servemaster tlp+, scope: -, version: -

Trust: 0.6

vendor: ibc, model: solar danfoss tlx pro+, scope: -, version: -

Trust: 0.6

vendor: ibc, model: solar servemaster tlp+, scope: eq, version: 0

Trust: 0.3

vendor: ibc, model: solar danfoss tlx pro+, scope: eq, version: 0

Trust: 0.3

vendor: danfoss tlx pro, model: -, scope: eq, version: -

Trust: 0.2

vendor: servemaster tlp, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 727c08b6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06340 // BID: 76825 // JVNDB: JVNDB-2015-004976 // CNNVD: CNNVD-201509-537 // NVD: CVE-2015-6474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6474
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6474
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06340
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201509-537
value: MEDIUM

Trust: 0.6

IVD: 727c08b6-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2015-6474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06340
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 727c08b6-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 727c08b6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06340 // JVNDB: JVNDB-2015-004976 // CNNVD: CNNVD-201509-537 // NVD: CVE-2015-6474

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2015-004976 // NVD: CVE-2015-6474

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-537

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-537

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004976

PATCH

title: Top Page, url: http://www.danfoss.com/Home/

Trust: 0.8

title: Top Page, url: https://www.ibc-solar.com/

Trust: 0.8

title: Top Page, url: https://www.ibc-solar.jp/

Trust: 0.8

title: IBC Solar ServeMaster plain text password vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/64793

Trust: 0.6

sources: CNVD: CNVD-2015-06340 // JVNDB: JVNDB-2015-004976

EXTERNAL IDS

db: NVD, id: CVE-2015-6474

Trust: 3.5

db: ICS CERT, id: ICSA-15-265-02

Trust: 2.7

db: CNVD, id: CNVD-2015-06340

Trust: 0.8

db: CNNVD, id: CNNVD-201509-537

Trust: 0.8

db: JVNDB, id: JVNDB-2015-004976

Trust: 0.8

db: BID, id: 76825

Trust: 0.3

db: IVD, id: 727C08B6-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 727c08b6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06340 // BID: 76825 // JVNDB: JVNDB-2015-004976 // CNNVD: CNNVD-201509-537 // NVD: CVE-2015-6474

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-15-265-02

Trust: 2.7

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6474

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6474

Trust: 0.8

url: https://www.ibc-solar.com/

Trust: 0.3

sources: CNVD: CNVD-2015-06340 // BID: 76825 // JVNDB: JVNDB-2015-004976 // CNNVD: CNNVD-201509-537 // NVD: CVE-2015-6474

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 76825

SOURCES

db: IVD, id: 727c08b6-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-06340
db: BID, id: 76825
db: JVNDB, id: JVNDB-2015-004976
db: CNNVD, id: CNNVD-201509-537
db: NVD, id: CVE-2015-6474

LAST UPDATE DATE

2025-04-13T23:29:32.267000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-06340, date: 2015-10-09T00:00:00
db: BID, id: 76825, date: 2015-09-22T00:00:00
db: JVNDB, id: JVNDB-2015-004976, date: 2015-09-30T00:00:00
db: CNNVD, id: CNNVD-201509-537, date: 2015-09-28T00:00:00
db: NVD, id: CVE-2015-6474, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 727c08b6-2351-11e6-abef-000c29c66e3d, date: 2015-10-09T00:00:00
db: CNVD, id: CNVD-2015-06340, date: 2015-10-09T00:00:00
db: BID, id: 76825, date: 2015-09-22T00:00:00
db: JVNDB, id: JVNDB-2015-004976, date: 2015-09-30T00:00:00
db: CNNVD, id: CNNVD-201509-537, date: 2015-09-28T00:00:00
db: NVD, id: CVE-2015-6474, date: 2015-09-26T01:59:16.407