ID
VAR-201511-0017
CVE
CVE-2015-7910
TITLE
Exemys Telemetry Web Server Authentication Bypass Vulnerability
Trust: 0.8
DESCRIPTION
Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Exemys Telemetry Web Server is a web-based SCADA system from Exemys, Argentina. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Trust: 2.61
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | exemys | model: | telemetry web server | scope: | - | version: | - | Trust: 2.0 |
| vendor: | exemys | model: | telemetry web server | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | exemys | model: | srl telemetry web server | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | telemetry web server | model: | - | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.8 |
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | CWE-Other | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Top Page | url: | http://www.exemys.com/beta/english/index.shtml | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-7910 | Trust: 3.5 |
| db: | ICS CERT | id: | ICSA-15-321-01 | Trust: 3.3 |
| db: | BID | id: | 77630 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2015-07683 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201511-285 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2015-005977 | Trust: 0.8 |
| db: | IVD | id: | 6D5E2D1E-2351-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-15-321-01 | Trust: 3.3 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7910 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7910 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/77630 | Trust: 0.6 |
| url: | http://exemys.com.ar/beta/english/products/telemetry_web_server/ | Trust: 0.3 |
CREDITS
Maxim Rupp
Trust: 0.3
SOURCES
| db: | IVD | id: | 6d5e2d1e-2351-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2015-07683 |
| db: | BID | id: | 77630 |
| db: | JVNDB | id: | JVNDB-2015-005977 |
| db: | CNNVD | id: | CNNVD-201511-285 |
| db: | NVD | id: | CVE-2015-7910 |
LAST UPDATE DATE
2025-04-12T23:29:30.616000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-07683 | date: | 2015-11-20T00:00:00 |
| db: | BID | id: | 77630 | date: | 2015-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005977 | date: | 2015-11-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-285 | date: | 2015-11-20T00:00:00 |
| db: | NVD | id: | CVE-2015-7910 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | IVD | id: | 6d5e2d1e-2351-11e6-abef-000c29c66e3d | date: | 2015-11-20T00:00:00 |
| db: | CNVD | id: | CNVD-2015-07683 | date: | 2015-11-20T00:00:00 |
| db: | BID | id: | 77630 | date: | 2015-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005977 | date: | 2015-11-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-285 | date: | 2015-11-18T00:00:00 |
| db: | NVD | id: | CVE-2015-7910 | date: | 2015-11-19T11:59:01.657 |