ID

VAR-201509-0222


CVE

CVE-2015-6475


TITLE

IBC Solar ServeMaster Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06339

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. An attacker could exploit this vulnerability to perform an XSS attack. Multiple IBC Solar products are prone to multiple cross-site scripting and information-disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Trust: 2.61

sources: NVD: CVE-2015-6475 // JVNDB: JVNDB-2015-004977 // CNVD: CNVD-2015-06339 // BID: 76825 // IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06339

AFFECTED PRODUCTS

vendor: ibc solar, model: danfoss tlx pro+, scope: eq, version: -

Trust: 1.6

vendor: ibc solar, model: servemaster tlp+, scope: eq, version: -

Trust: 1.6

vendor: danfoss, model: tlx pro+, scope: -, version: -

Trust: 0.8

vendor: ibc solar, model: servemaster tlp+, scope: -, version: -

Trust: 0.8

vendor: ibc, model: solar servemaster tlp+, scope: -, version: -

Trust: 0.6

vendor: ibc, model: solar danfoss tlx pro+, scope: -, version: -

Trust: 0.6

vendor: ibc, model: solar servemaster tlp+, scope: eq, version: 0

Trust: 0.3

vendor: ibc, model: solar danfoss tlx pro+, scope: eq, version: 0

Trust: 0.3

vendor: danfoss tlx pro, model: -, scope: eq, version: -

Trust: 0.2

vendor: servemaster tlp, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06339 // BID: 76825 // JVNDB: JVNDB-2015-004977 // CNNVD: CNNVD-201509-536 // NVD: CVE-2015-6475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6475
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6475
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06339
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201509-536
value: MEDIUM

Trust: 0.6

IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2015-6475
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06339
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06339 // JVNDB: JVNDB-2015-004977 // CNNVD: CNNVD-201509-536 // NVD: CVE-2015-6475

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2015-004977 // NVD: CVE-2015-6475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-536

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201509-536

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004977

PATCH

title: Top Page, url: http://www.danfoss.com/Home/

Trust: 0.8

title: Top Page, url: https://www.ibc-solar.com/

Trust: 0.8

title: Top Page, url: https://www.ibc-solar.jp/

Trust: 0.8

title: Patch for IBC Solar ServeMaster Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/64794

Trust: 0.6

sources: CNVD: CNVD-2015-06339 // JVNDB: JVNDB-2015-004977

EXTERNAL IDS

db: NVD, id: CVE-2015-6475

Trust: 3.5

db: ICS CERT, id: ICSA-15-265-02

Trust: 2.7

db: CNVD, id: CNVD-2015-06339

Trust: 0.8

db: CNNVD, id: CNNVD-201509-536

Trust: 0.8

db: JVNDB, id: JVNDB-2015-004977

Trust: 0.8

db: BID, id: 76825

Trust: 0.3

db: IVD, id: 726BF4BC-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 726bf4bc-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06339 // BID: 76825 // JVNDB: JVNDB-2015-004977 // CNNVD: CNNVD-201509-536 // NVD: CVE-2015-6475

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-265-02

Trust: 2.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6475

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6475

Trust: 0.8

url:https://www.ibc-solar.com/

Trust: 0.3

sources: CNVD: CNVD-2015-06339 // BID: 76825 // JVNDB: JVNDB-2015-004977 // CNNVD: CNNVD-201509-536 // NVD: CVE-2015-6475

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 76825

SOURCES

db: IVD, id: 726bf4bc-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-06339
db: BID, id: 76825
db: JVNDB, id: JVNDB-2015-004977
db: CNNVD, id: CNNVD-201509-536
db: NVD, id: CVE-2015-6475

LAST UPDATE DATE

2025-04-13T23:29:32.303000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-06339, date: 2015-10-09T00:00:00
db: BID, id: 76825, date: 2015-09-22T00:00:00
db: JVNDB, id: JVNDB-2015-004977, date: 2015-09-30T00:00:00
db: CNNVD, id: CNNVD-201509-536, date: 2015-09-28T00:00:00
db: NVD, id: CVE-2015-6475, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 726bf4bc-2351-11e6-abef-000c29c66e3d, date: 2015-10-09T00:00:00
db: CNVD, id: CNVD-2015-06339, date: 2015-10-09T00:00:00
db: BID, id: 76825, date: 2015-09-22T00:00:00
db: JVNDB, id: JVNDB-2015-004977, date: 2015-09-30T00:00:00
db: CNNVD, id: CNNVD-201509-536, date: 2015-09-28T00:00:00
db: NVD, id: CVE-2015-6475, date: 2015-09-26T01:59:17.330