Sign-up

ID

VAR-201512-0024


CVE

CVE-2015-7931


TITLE

Adcon Telemetry A840 Telemetry Gateway Base station Java Client impersonation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006523

DESCRIPTION

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. The Adcon Telemetry A840 Telemetry Gateway is a core gateway product for monitoring networks in Adcon Telemetry, Austria. A hard-coded credentials security-bypass vulnerability 2. Multiple information-disclosure vulnerabilities 3. An authentication-bypass vulnerability Attackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks. The vulnerability is due to the fact that the program does not use SSL to encrypt network communication

Trust: 2.61

sources: NVD: CVE-2015-7931 // JVNDB: JVNDB-2015-006523 // CNVD: CNVD-2015-08493 // BID: 79345 // VULHUB: VHN-85892 // VULMON: CVE-2015-7931

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08493

AFFECTED PRODUCTS

vendor:adconmodel:a840 telemetry gateway base stationscope:eqversion:*

Trust: 1.0

vendor:adcon telemetrymodel:a840 telemetry gatewayscope:eqversion: -

Trust: 0.8

vendor:adconmodel:telemetry a840 telemetry gateway icsa-15-349-01scope: - version: -

Trust: 0.6

vendor:adconmodel:a840 telemetry gateway base stationscope: - version: -

Trust: 0.6

vendor:adconmodel:telemetry a850 telemetry gatewayscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-08493 // BID: 79345 // JVNDB: JVNDB-2015-006523 // CNNVD: CNNVD-201512-504 // NVD: CVE-2015-7931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7931
value: HIGH

Trust: 1.0

NVD: CVE-2015-7931
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08493
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-504
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85892
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-7931
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7931
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-08493
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85892
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7931
baseSeverity: HIGH
baseScore: 8.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.8
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-08493 // VULHUB: VHN-85892 // VULMON: CVE-2015-7931 // JVNDB: JVNDB-2015-006523 // CNNVD: CNNVD-201512-504 // NVD: CVE-2015-7931

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85892 // JVNDB: JVNDB-2015-006523 // NVD: CVE-2015-7931

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-504

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-504

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006523

PATCH
title:Base Stationsurl:http://www.adcon.at/index.php?option=com_hikashop&view=product&layout=listing&Itemid=219&lang=en
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006523

EXTERNAL IDS
db:ICS CERTid:ICSA-15-349-01
Trust: 3.5
db:NVDid:CVE-2015-7931
Trust: 3.5
db:BIDid:79345
Trust: 2.1
db:JVNDBid:JVNDB-2015-006523
Trust: 0.8
db:CNNVDid:CNNVD-201512-504
Trust: 0.7
db:CNVDid:CNVD-2015-08493
Trust: 0.6
db:VULHUBid:VHN-85892
Trust: 0.1
db:VULMONid:CVE-2015-7931
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08493 // 
            
            
            
            VULHUB: VHN-85892 // 
            
            
            
            VULMON: CVE-2015-7931 // 
            
            
            
            BID: 79345 // 
            
            
            
            JVNDB: JVNDB-2015-006523 // 
            
            
            
            CNNVD: CNNVD-201512-504 // 
            
            
            
            NVD: CVE-2015-7931

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-349-01
Trust: 3.6
url:http://www.securityfocus.com/bid/79345
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7931
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7931
Trust: 0.8
url:http://www.adcon.at/index.php?option=com_content&view=article&id=75:a850-telemetry-gateway&catid=8&itemid=196&lang=en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08493 // 
            
            
            
            VULHUB: VHN-85892 // 
            
            
            
            VULMON: CVE-2015-7931 // 
            
            
            
            BID: 79345 // 
            
            
            
            JVNDB: JVNDB-2015-006523 // 
            
            
            
            CNNVD: CNNVD-201512-504 // 
            
            
            
            NVD: CVE-2015-7931

CREDITS
Aditya K. Sood
Trust: 0.9
sources:
            
            
            BID: 79345 // 
            
            
            
            CNNVD: CNNVD-201512-504

SOURCES
db:CNVDid:CNVD-2015-08493
db:VULHUBid:VHN-85892
db:VULMONid:CVE-2015-7931
db:BIDid:79345
db:JVNDBid:JVNDB-2015-006523
db:CNNVDid:CNNVD-201512-504
db:NVDid:CVE-2015-7931

LAST UPDATE DATE
2025-04-13T23:03:36.802000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08493date:2015-12-28T00:00:00
db:VULHUBid:VHN-85892date:2016-11-28T00:00:00
db:VULMONid:CVE-2015-7931date:2016-11-28T00:00:00
db:BIDid:79345date:2015-12-15T00:00:00
db:JVNDBid:JVNDB-2015-006523date:2015-12-25T00:00:00
db:CNNVDid:CNNVD-201512-504date:2015-12-24T00:00:00
db:NVDid:CVE-2015-7931date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08493date:2015-12-28T00:00:00
db:VULHUBid:VHN-85892date:2015-12-24T00:00:00
db:VULMONid:CVE-2015-7931date:2015-12-24T00:00:00
db:BIDid:79345date:2015-12-15T00:00:00
db:JVNDBid:JVNDB-2015-006523date:2015-12-25T00:00:00
db:CNNVDid:CNNVD-201512-504date:2015-12-17T00:00:00
db:NVDid:CVE-2015-7931date:2015-12-24T01:59:01.113