ID

VAR-201512-0012


CVE

CVE-2015-7908


TITLE

Honeywell Midas gas detector vulnerability that allows plaintext passwords to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-006489

DESCRIPTION

Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. Honeywell International Midas and Midas Black are gas detection equipment from Honeywell International, USA. Multiple Honeywell Midas products are prone to directory-traversal and information-disclosure vulnerabilities. An attacker can exploit these issues using directory-traversal characters ('../') to read arbitrary files that contain sensitive information, to access files outside of the restricted directory, or to obtain sensitive information and perform other attacks. A remote attacker could exploit this vulnerability by sniffing the network to obtain cleartext passwords.

Trust: 2.88

sources: NVD: CVE-2015-7908 // JVNDB: JVNDB-2015-006489 // CNVD: CNVD-2015-07945 // BID: 78541 // IVD: 6d5f744e-2351-11e6-abef-000c29c66e3d // IVD: 6d61028c-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85869

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 6d5f744e-2351-11e6-abef-000c29c66e3d // IVD: 6d61028c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07945

AFFECTED PRODUCTS

vendor: honeywell, model: midas, scope: lte, version: 1.13b1

Trust: 1.0

vendor: honeywell, model: midas black, scope: lte, version: 2.13b1

Trust: 1.0

vendor: honeywell, model: midas, scope: -, version: -

Trust: 0.8

vendor: honeywell, model: midas black, scope: -, version: -

Trust: 0.8

vendor: honeywell, model: midas black, scope: lt, version: 2.13b3

Trust: 0.8

vendor: honeywell, model: midas, scope: lt, version: 1.13b3

Trust: 0.8

vendor: honeywell, model: international midas <=1.13b1, scope: -, version: -

Trust: 0.6

vendor: honeywell, model: international midas black <=2.13b1, scope: -, version: -

Trust: 0.6

vendor: honeywell, model: midas black, scope: eq, version: 2.13b1

Trust: 0.6

vendor: honeywell, model: midas, scope: eq, version: 1.13b1

Trust: 0.6

vendor: midas, model: -, scope: eq, version: *

Trust: 0.4

vendor: midas black, model: -, scope: eq, version: *

Trust: 0.4

vendor: honeywell, model: midas black 2.13b1, scope: -, version: -

Trust: 0.3

vendor: honeywell, model: midas 1.13b1, scope: -, version: -

Trust: 0.3

vendor: honeywell, model: midas black 2.13b3, scope: ne, version: -

Trust: 0.3

vendor: honeywell, model: midas 1.13b3, scope: ne, version: -

sources: IVD: 6d5f744e-2351-11e6-abef-000c29c66e3d // IVD: 6d61028c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07945 // BID: 78541 // JVNDB: JVNDB-2015-006489 // CNNVD: CNNVD-201512-036 // NVD: CVE-2015-7908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7908
value: HIGH

Trust: 1.0

NVD: CVE-2015-7908
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-07945
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-036
value: CRITICAL

Trust: 0.6

IVD: 6d5f744e-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 6d61028c-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-85869
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7908
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07945
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6d5f744e-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 6d61028c-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-85869
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 6d5f744e-2351-11e6-abef-000c29c66e3d // IVD: 6d61028c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07945 // VULHUB: VHN-85869 // JVNDB: JVNDB-2015-006489 // CNNVD: CNNVD-201512-036 // NVD: CVE-2015-7908

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85869 // JVNDB: JVNDB-2015-006489 // NVD: CVE-2015-7908

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-036

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006489

PATCH

title: Midas Gas Detector, url: http://www.honeywellanalytics.com/ja-jp/products/Midas

Trust: 0.8

title: Honeywell International Midas and Midas Black Password Verification Loophole Patch, url: https://www.cnvd.org.cn/patchInfo/show/67703

Trust: 0.6

sources: CNVD: CNVD-2015-07945 // JVNDB: JVNDB-2015-006489

EXTERNAL IDS

db: NVD, id: CVE-2015-7908

Trust: 3.8

db: ICS CERT, id: ICSA-15-309-02

Trust: 3.4

db: CNNVD, id: CNNVD-201512-036

Trust: 1.1

db: CNVD, id: CNVD-2015-07945

Trust: 1.0

db: JVNDB, id: JVNDB-2015-006489

Trust: 0.8

db: BID, id: 78541

Trust: 0.3

db: IVD, id: 6D5F744E-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 6D61028C-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: SEEBUG, id: SSVID-90018

Trust: 0.1

db: VULHUB, id: VHN-85869

Trust: 0.1

sources: IVD: 6d5f744e-2351-11e6-abef-000c29c66e3d // IVD: 6d61028c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07945 // VULHUB: VHN-85869 // BID: 78541 // JVNDB: JVNDB-2015-006489 // CNNVD: CNNVD-201512-036 // NVD: CVE-2015-7908

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-309-02

Trust: 3.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7908

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7908

Trust: 0.8

url:http://www.honeywellanalytics.com/en-ca/products/midas

Trust: 0.3

sources: CNVD: CNVD-2015-07945 // VULHUB: VHN-85869 // BID: 78541 // JVNDB: JVNDB-2015-006489 // CNNVD: CNNVD-201512-036 // NVD: CVE-2015-7908

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 78541

SOURCES

db: IVD, id: 6d5f744e-2351-11e6-abef-000c29c66e3d
db: IVD, id: 6d61028c-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-07945
db: VULHUB, id: VHN-85869
db: BID, id: 78541
db: JVNDB, id: JVNDB-2015-006489
db: CNNVD, id: CNNVD-201512-036
db: NVD, id: CVE-2015-7908

LAST UPDATE DATE

2025-04-12T23:22:12.602000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07945, date: 2015-12-07T00:00:00
db: VULHUB, id: VHN-85869, date: 2015-12-21T00:00:00
db: BID, id: 78541, date: 2015-12-03T00:00:00
db: JVNDB, id: JVNDB-2015-006489, date: 2015-12-22T00:00:00
db: CNNVD, id: CNNVD-201512-036, date: 2015-12-22T00:00:00
db: NVD, id: CVE-2015-7908, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 6d5f744e-2351-11e6-abef-000c29c66e3d, date: 2015-12-07T00:00:00
db: IVD, id: 6d61028c-2351-11e6-abef-000c29c66e3d, date: 2015-12-07T00:00:00
db: CNVD, id: CNVD-2015-07945, date: 2015-12-07T00:00:00
db: VULHUB, id: VHN-85869, date: 2015-12-21T00:00:00
db: BID, id: 78541, date: 2015-12-03T00:00:00
db: JVNDB, id: JVNDB-2015-006489, date: 2015-12-22T00:00:00
db: CNNVD, id: CNNVD-201512-036, date: 2015-12-04T00:00:00
db: NVD, id: CVE-2015-7908, date: 2015-12-21T11:59:10.220