Sign-up

ID

VAR-201510-0441


CVE

CVE-2015-1005


TITLE

Windows CE for IniNet embeddedWebServer Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-005598

DESCRIPTION

IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. IniNet Solutions GmbH is a Swiss company whose product eWebServer is a third-party web-based server software. IniNet Solutions embeddedWebServer has a plain text preservation vulnerability that could be exploited by an attacker to elevate privileges. IniNet Solutions eWebServer is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information such as passwords that may aid in launching further attacks

Trust: 2.52

sources: NVD: CVE-2015-1005 // JVNDB: JVNDB-2015-005598 // CNVD: CNVD-2015-06869 // BID: 77256 // VULMON: CVE-2015-1005

AFFECTED PRODUCTS

vendor:ininetmodel:scada web serverscope:eqversion: -

Trust: 1.6

vendor:ininetmodel:embeddedwebserverscope:ltversion:2.02

Trust: 0.8

vendor:ininetmodel:solutions embeddedwebserverscope:ltversion:2.02

Trust: 0.6

vendor:ininetmodel:ewebserverscope:eqversion:0

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx9010scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx9000scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx8090scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx5100scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx5000scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx2000scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx1030scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx1020scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:embedded pc cx1010scope: - version: -

Trust: 0.3

vendor:beckhoffmodel:cpu module cx9020scope: - version: -

Trust: 0.3

vendor:baumullermodel:box pc bmaxx pcc bmp-03-150r 2015-03-11 pcc-03 v1scope: - version: -

Trust: 0.3

vendor:baumullermodel:box pc bmaxx pcc bmp-03-120r 2015-03-11 pcc-03 v1scope: - version: -

Trust: 0.3

vendor:baumullermodel:box pc bmaxx pcc bmp-03-0000 2015-03-11 pcc-03 v1scope: - version: -

Trust: 0.3

vendor:ininetmodel:ewebserverscope:neversion:2.02

Trust: 0.3

sources: CNVD: CNVD-2015-06869 // BID: 77256 // JVNDB: JVNDB-2015-005598 // CNNVD: CNNVD-201510-566 // NVD: CVE-2015-1005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1005
value: LOW

Trust: 1.0

NVD: CVE-2015-1005
value: LOW

Trust: 0.8

CNVD: CNVD-2015-06869
value: LOW

Trust: 0.6

CNNVD: CNNVD-201510-566
value: LOW

Trust: 0.6

VULMON: CVE-2015-1005
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-1005
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-06869
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-06869 // VULMON: CVE-2015-1005 // JVNDB: JVNDB-2015-005598 // CNNVD: CNNVD-201510-566 // NVD: CVE-2015-1005

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2015-005598 // NVD: CVE-2015-1005

THREAT TYPE

local

Trust: 0.9

sources: BID: 77256 // CNNVD: CNNVD-201510-566

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-566

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005598

PATCH
title:Top Pageurl:http://spidercontrol.net/home/?L=1
Trust: 0.8
title:Patch for IniNet Solutions embeddedWebServer plain text preservation vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/65887
Trust: 0.6
title:IniNet Solutions embeddedWebServer Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58410
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06869 // 
            
            
            
            JVNDB: JVNDB-2015-005598 // 
            
            
            
            CNNVD: CNNVD-201510-566

EXTERNAL IDS
db:NVDid:CVE-2015-1005
Trust: 3.4
db:ICS CERTid:ICSA-15-293-01
Trust: 2.8
db:JVNDBid:JVNDB-2015-005598
Trust: 0.8
db:CNVDid:CNVD-2015-06869
Trust: 0.6
db:CNNVDid:CNNVD-201510-566
Trust: 0.6
db:BIDid:77256
Trust: 0.3
db:VULMONid:CVE-2015-1005
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-06869 // 
            
            
            
            VULMON: CVE-2015-1005 // 
            
            
            
            BID: 77256 // 
            
            
            
            JVNDB: JVNDB-2015-005598 // 
            
            
            
            CNNVD: CNNVD-201510-566 // 
            
            
            
            NVD: CVE-2015-1005

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-293-01
Trust: 2.9
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1005
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1005
Trust: 0.8
url:http://spidercontrol.net/ininet/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41646
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-06869 // 
            
            
            
            VULMON: CVE-2015-1005 // 
            
            
            
            BID: 77256 // 
            
            
            
            JVNDB: JVNDB-2015-005598 // 
            
            
            
            CNNVD: CNNVD-201510-566 // 
            
            
            
            NVD: CVE-2015-1005

CREDITS
Aleksandr Timorin of Positive Technologies
Trust: 0.3
sources:
            
            
            BID: 77256

SOURCES
db:CNVDid:CNVD-2015-06869
db:VULMONid:CVE-2015-1005
db:BIDid:77256
db:JVNDBid:JVNDB-2015-005598
db:CNNVDid:CNNVD-201510-566
db:NVDid:CVE-2015-1005

LAST UPDATE DATE
2025-04-12T23:28:45.472000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-06869date:2015-10-28T00:00:00
db:VULMONid:CVE-2015-1005date:2015-10-27T00:00:00
db:BIDid:77256date:2015-10-20T00:00:00
db:JVNDBid:JVNDB-2015-005598date:2015-10-28T00:00:00
db:CNNVDid:CNNVD-201510-566date:2015-10-26T00:00:00
db:NVDid:CVE-2015-1005date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-06869date:2015-10-28T00:00:00
db:VULMONid:CVE-2015-1005date:2015-10-25T00:00:00
db:BIDid:77256date:2015-10-20T00:00:00
db:JVNDBid:JVNDB-2015-005598date:2015-10-28T00:00:00
db:CNNVDid:CNNVD-201510-566date:2015-10-26T00:00:00
db:NVDid:CVE-2015-1005date:2015-10-25T02:59:03.977