ID

VAR-201512-0011


CVE

CVE-2015-7907


TITLE

Honeywell Midas gas detector web server directory traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006500

DESCRIPTION

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. Honeywell International Midas and Midas Black are gas detection equipment from Honeywell International. Multiple Honeywell Midas products are prone to directory-traversal and information-disclosure vulnerabilities. An attacker can exploit these issues using directory-traversal characters ('../') to read arbitrary files that contain sensitive information, to access files outside of the restricted directory, and to perform other attacks.

Trust: 2.52

sources: NVD: CVE-2015-7907 // JVNDB: JVNDB-2015-006500 // CNVD: CNVD-2015-07944 // BID: 78541 // VULHUB: VHN-85868

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07944

AFFECTED PRODUCTS

vendor: honeywell | model: midas | scope: lte | version: 1.13b1

Trust: 1.0

vendor: honeywell | model: midas black | scope: lte | version: 2.13b1

Trust: 1.0

vendor: honeywell | model: midas | scope: - | version: -

Trust: 0.8

vendor: honeywell | model: midas black | scope: - | version: -

Trust: 0.8

vendor: honeywell | model: midas black | scope: lt | version: 2.13b3

Trust: 0.8

vendor: honeywell | model: midas | scope: lt | version: 1.13b3

Trust: 0.8

vendor: honeywell | model: international midas <=1.13b1 | scope: - | version: -

Trust: 0.6

vendor: honeywell | model: international midas black <=2.13b1 | scope: - | version: -

Trust: 0.6

vendor: honeywell | model: midas black | scope: eq | version: 2.13b1

Trust: 0.6

vendor: honeywell | model: midas | scope: eq | version: 1.13b1

Trust: 0.6

vendor: honeywell | model: midas black 2.13b1 | scope: - | version: -

Trust: 0.3

vendor: honeywell | model: midas 1.13b1 | scope: - | version: -

Trust: 0.3

vendor: honeywell | model: midas black 2.13b3 | scope: ne | version: -

Trust: 0.3

vendor: honeywell | model: midas 1.13b3 | scope: ne | version: -

Trust: 0.3

sources: CNVD: CNVD-2015-07944 // BID: 78541 // JVNDB: JVNDB-2015-006500 // CNNVD: CNNVD-201512-037 // NVD: CVE-2015-7907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7907
value: HIGH

Trust: 1.0

NVD: CVE-2015-7907
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07944
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-037
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85868
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7907
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07944
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85868
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7907
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-07944 // VULHUB: VHN-85868 // JVNDB: JVNDB-2015-006500 // CNNVD: CNNVD-201512-037 // NVD: CVE-2015-7907

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-85868 // JVNDB: JVNDB-2015-006500 // NVD: CVE-2015-7907

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-037

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201512-037

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006500

PATCH

title: Midas gas detector | url: http://www.honeywellanalytics.com/ja-jp/products/Midas

Trust: 0.8

title: Patch for Honeywell International Midas and Midas Black Validation Bypass Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/67704

Trust: 0.6

sources: CNVD: CNVD-2015-07944 // JVNDB: JVNDB-2015-006500

EXTERNAL IDS

db: ICS CERT | id: ICSA-15-309-02

Trust: 3.4

db: NVD | id: CVE-2015-7907

Trust: 3.4

db: JVNDB | id: JVNDB-2015-006500

Trust: 0.8

db: CNNVD | id: CNNVD-201512-037

Trust: 0.7

db: CNVD | id: CNVD-2015-07944

Trust: 0.6

db: BID | id: 78541

Trust: 0.3

db: SEEBUG | id: SSVID-90017

Trust: 0.1

db: VULHUB | id: VHN-85868

Trust: 0.1

sources: CNVD: CNVD-2015-07944 // VULHUB: VHN-85868 // BID: 78541 // JVNDB: JVNDB-2015-006500 // CNNVD: CNNVD-201512-037 // NVD: CVE-2015-7907

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-309-02

Trust: 3.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7907

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7907

Trust: 0.8

url:http://www.honeywellanalytics.com/en-ca/products/midas

Trust: 0.3

sources: CNVD: CNVD-2015-07944 // VULHUB: VHN-85868 // BID: 78541 // JVNDB: JVNDB-2015-006500 // CNNVD: CNNVD-201512-037 // NVD: CVE-2015-7907

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 78541

SOURCES

db: CNVD | id: CNVD-2015-07944
db: VULHUB | id: VHN-85868
db: BID | id: 78541
db: JVNDB | id: JVNDB-2015-006500
db: CNNVD | id: CNNVD-201512-037
db: NVD | id: CVE-2015-7907

LAST UPDATE DATE

2025-04-13T23:22:22.548000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2015-07944 | date: 2015-12-07T00:00:00
db: VULHUB | id: VHN-85868 | date: 2015-12-22T00:00:00
db: BID | id: 78541 | date: 2015-12-03T00:00:00
db: JVNDB | id: JVNDB-2015-006500 | date: 2015-12-24T00:00:00
db: CNNVD | id: CNNVD-201512-037 | date: 2015-12-22T00:00:00
db: NVD | id: CVE-2015-7907 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2015-07944 | date: 2015-12-07T00:00:00
db: VULHUB | id: VHN-85868 | date: 2015-12-21T00:00:00
db: BID | id: 78541 | date: 2015-12-03T00:00:00
db: JVNDB | id: JVNDB-2015-006500 | date: 2015-12-24T00:00:00
db: CNNVD | id: CNNVD-201512-037 | date: 2015-12-04T00:00:00
db: NVD | id: CVE-2015-7907 | date: 2015-12-21T11:59:09.190