Details of VAR-201512-0013

ID

VAR-201512-0013

CVE

CVE-2015-7911

TITLE

plural Saia Burgess PCD Vulnerabilities that can gain management access in products

Trust: 0.8

sources: JVNDB: JVNDB-2015-006516

DESCRIPTION

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. Saia Burgess Controls PCD Controller is a family of programmable controllers for measurement, regulation and control tasks at Saia Burgess Controls, Switzerland. A number of security vulnerabilities exist in Saia Burgess Controls products that use hard-coded certificates for programs. A remote attacker could exploit the vulnerability to gain unauthorized access to the device. The following products and versions are affected: Saia Burgess Controls PCD7.D4xxxT5F, PCD7.D4xxV, PCD7.D4xxD, PCD7.D4xxWTPF, PCD7.D4xxxT5F, PCD7.D4xxV VGA MB Panels, PCD7.D4xxD SVGA MB Panels, PCD7.D4xxWTPF WVGA MB Panels 1.24.41 and earlier versions; PCD3.T665, PCD3.T666 1.24.30 and earlier versions; PCD1.M0xx0/M2xx0, PCD2.M5xx0, PCD3.Mxxx0, PCD3.Mxx60 1.24.25 and earlier versions

Trust: 2.7

sources: NVD: CVE-2015-7911 // JVNDB: JVNDB-2015-006516 // CNVD: CNVD-2015-07900 // BID: 78422 // IVD: 6d5ceb16-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85872

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 6d5ceb16-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07900

AFFECTED PRODUCTS

vendor:	saia burgess controls	model:	pcd3.t666	scope:	lte	version:	1.24.30	Trust: 1.0
vendor:	saia burgess controls	model:	pcd1.m0xx0	scope:	lte	version:	1.24.25	Trust: 1.0
vendor:	saia burgess controls	model:	pcd7.d4xxxt5f	scope:	lte	version:	1.24.41	Trust: 1.0
vendor:	saia burgess controls	model:	pcd3.mxxx0	scope:	lte	version:	1.24.25	Trust: 1.0
vendor:	saia burgess controls	model:	pcd7.d4xxv	scope:	lte	version:	1.24.41	Trust: 1.0
vendor:	saia burgess controls	model:	pcd7.d4xxv vga mb	scope:	lte	version:	1.24.41	Trust: 1.0
vendor:	saia burgess controls	model:	pcd7.d4xxd	scope:	lte	version:	1.24.41	Trust: 1.0
vendor:	saia burgess controls	model:	pcd7.d4xxd svga mb	scope:	lte	version:	1.24.41	Trust: 1.0
vendor:	saia burgess controls	model:	pcd3.t665	scope:	lte	version:	1.24.30	Trust: 1.0
vendor:	saia burgess controls	model:	pcd3.mxx60	scope:	lte	version:	1.24.25	Trust: 1.0
vendor:	saia burgess controls	model:	pcd2.m5xx0	scope:	lte	version:	1.24.25	Trust: 1.0
vendor:	saia burgess controls	model:	pcd7.d4xxwtpf wvga mb	scope:	eq	version:	1.24.41	Trust: 1.0
vendor:	saia burgess controls	model:	pcd7.d4xxwtpf	scope:	lte	version:	1.24.41	Trust: 1.0
vendor:	saia burgess controls	model:	pcd1.m2xx0	scope:	lte	version:	1.24.25	Trust: 1.0
vendor:	saia burgess controls	model:	pcd1.m0xx0	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd1.m0xx0	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd1.m2xx0	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd1.m2xx0	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd2.m5xx0	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd2.m5xx0	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.mxx60	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.mxx60	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.mxxx0	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.mxxx0	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.t665	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.t665	scope:	lt	version:	1.24.41	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.t666	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd3.t666	scope:	lt	version:	1.24.41	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxd svga mb panels	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxd svga mb panels	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxv vga mb panels	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxv vga mb panels	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxwtpf wvga mb panels	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxwtpf wvga mb panels	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxxt5f	scope:	-	version:	-	Trust: 0.8
vendor:	saia burgess controls	model:	pcd7.d4xxxt5f	scope:	lt	version:	1.24.50	Trust: 0.8
vendor:	saia	model:	burgess controls pcd7.d4xxwtpf	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd7.d4xxd	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd7.d4xxv	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd7.d4xxxt5f	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd3.mxx60	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd3.mxxx0	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd2.m5xx0	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd1.m0xx0/m2xx0	scope:	lt	version:	1.24.50	Trust: 0.6
vendor:	saia	model:	burgess controls pcd3.t665	scope:	lt	version:	1.24.41	Trust: 0.6
vendor:	saia	model:	burgess controls pcd3.t666	scope:	lt	version:	1.24.41	Trust: 0.6
vendor:	saia burgess controls	model:	pcd7.d4xxv	scope:	eq	version:	1.24.41	Trust: 0.6
vendor:	saia burgess controls	model:	pcd7.d4xxd svga mb	scope:	eq	version:	1.24.41	Trust: 0.6
vendor:	saia burgess controls	model:	pcd3.mxx60	scope:	eq	version:	1.24.25	Trust: 0.6
vendor:	saia burgess controls	model:	pcd7.d4xxv vga mb	scope:	eq	version:	1.24.41	Trust: 0.6
vendor:	saia burgess controls	model:	pcd3.mxxx0	scope:	eq	version:	1.24.25	Trust: 0.6
vendor:	saia burgess controls	model:	pcd3.t665	scope:	eq	version:	1.24.30	Trust: 0.6
vendor:	saia burgess controls	model:	pcd3.t666	scope:	eq	version:	1.24.30	Trust: 0.6
vendor:	saia burgess controls	model:	pcd1.m2xx0	scope:	eq	version:	1.24.25	Trust: 0.6
vendor:	saia burgess controls	model:	pcd7.d4xxxt5f	scope:	eq	version:	1.24.41	Trust: 0.6
vendor:	saia burgess controls	model:	pcd7.d4xxd	scope:	eq	version:	1.24.41	Trust: 0.6
vendor:	saia	model:	burgess controls pcd7.d4xxxt5f	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxwtpf wvga mb panels	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxwtpf	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxv vga mb panels	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxv	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxd svga mb panels	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxd	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.t666	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.t665	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.mxxx0	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.mxx60	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd2.m5xx0	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd1.m2xx0	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd1.m0xx0	scope:	eq	version:	0	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxxt5f	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxwtpf wvga mb panels	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxwtpf	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxv vga mb panels	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxv	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxd svga mb panels	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd7.d4xxd	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.t666	scope:	ne	version:	1.24.41	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.t665	scope:	ne	version:	1.24.41	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.mxxx0	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd3.mxx60	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd2.m5xx0	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd1.m2xx0	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	saia	model:	burgess controls pcd1.m0xx0	scope:	ne	version:	1.24.50	Trust: 0.3
vendor:	pcd7 d4xxv vga mb	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd7 d4xxwtpf wvga mb	model:	-	scope:	eq	version:	1.24.41	Trust: 0.2
vendor:	pcd7 d4xxwtpf	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd1 m0xx0	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd7 d4xxxt5f	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd7 d4xxv	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd7 d4xxd	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd3 mxxx0	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd7 d4xxd svga mb	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd3 t666	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd1 m2xx0	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd3 mxx60	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd3 t665	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pcd2 m5xx0	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 6d5ceb16-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07900 // BID: 78422 // JVNDB: JVNDB-2015-006516 // CNNVD: CNNVD-201512-006 // NVD: CVE-2015-7911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7911
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-7911
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-07900
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201512-006
value:	CRITICAL
Trust: 0.6
IVD:	6d5ceb16-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-85872
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7911
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07900
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6d5ceb16-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-85872
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7911
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.0

sources: IVD: 6d5ceb16-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07900 // VULHUB: VHN-85872 // JVNDB: JVNDB-2015-006516 // CNNVD: CNNVD-201512-006 // NVD: CVE-2015-7911

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-85872 // JVNDB: JVNDB-2015-006516 // NVD: CVE-2015-7911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-006

TYPE

Trust management

Trust: 0.8

sources: IVD: 6d5ceb16-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201512-006

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006516

PATCH

title:	Firmware for Saia PCD COSinus	url:	https://www.sbc-support.com/en/product-index/firmware-for-saia-pcdr-cosinus/firmware-used-in-production/	Trust: 0.8
title:	Patches for several PCA hardcoded password vulnerabilities in Saia Burgess Controls products	url:	https://www.cnvd.org.cn/patchInfo/show/67571	Trust: 0.6
title:	Multiple Saia Burgess Controls Fixes for device trust management vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58874	Trust: 0.6

sources: CNVD: CNVD-2015-07900 // JVNDB: JVNDB-2015-006516 // CNNVD: CNNVD-201512-006

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7911	Trust: 3.6
db:	ICS CERT	id:	ICSA-15-335-01	Trust: 3.4
db:	CNNVD	id:	CNNVD-201512-006	Trust: 0.9
db:	CNVD	id:	CNVD-2015-07900	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006516	Trust: 0.8
db:	BID	id:	78422	Trust: 0.4
db:	IVD	id:	6D5CEB16-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-85872	Trust: 0.1

sources: IVD: 6d5ceb16-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07900 // VULHUB: VHN-85872 // BID: 78422 // JVNDB: JVNDB-2015-006516 // CNNVD: CNNVD-201512-006 // NVD: CVE-2015-7911

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-335-01	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7911	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7911	Trust: 0.8
url:	http://www.saia-pcd.com/saia-burgess-controls-ag/	Trust: 0.3

sources: CNVD: CNVD-2015-07900 // VULHUB: VHN-85872 // BID: 78422 // JVNDB: JVNDB-2015-006516 // CNNVD: CNNVD-201512-006 // NVD: CVE-2015-7911

CREDITS

Artyom Kurbatov

Trust: 0.3

sources: BID: 78422

SOURCES

db:	IVD	id:	6d5ceb16-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-07900
db:	VULHUB	id:	VHN-85872
db:	BID	id:	78422
db:	JVNDB	id:	JVNDB-2015-006516
db:	CNNVD	id:	CNNVD-201512-006
db:	NVD	id:	CVE-2015-7911

LAST UPDATE DATE

2025-04-13T23:29:31.227000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07900	date:	2015-12-03T00:00:00
db:	VULHUB	id:	VHN-85872	date:	2015-12-23T00:00:00
db:	BID	id:	78422	date:	2015-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-006516	date:	2015-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201512-006	date:	2015-12-24T00:00:00
db:	NVD	id:	CVE-2015-7911	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	6d5ceb16-2351-11e6-abef-000c29c66e3d	date:	2015-12-03T00:00:00
db:	CNVD	id:	CNVD-2015-07900	date:	2015-12-03T00:00:00
db:	VULHUB	id:	VHN-85872	date:	2015-12-23T00:00:00
db:	BID	id:	78422	date:	2015-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-006516	date:	2015-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201512-006	date:	2015-12-02T00:00:00
db:	NVD	id:	CVE-2015-7911	date:	2015-12-23T03:59:03.200