Sign-up

ID

VAR-201512-0027


CVE

CVE-2015-7935


TITLE

Motorola Solutions MOSCAD IP Gateway Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2015-006513

DESCRIPTION

Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. An attacker can exploit these vulnerabilities to obtain potentially sensitive information, execute arbitrary script code in the context of the web server process and to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks

Trust: 2.7

sources: NVD: CVE-2015-7935 // JVNDB: JVNDB-2015-006513 // CNVD: CNVD-2015-08447 // BID: 79624 // IVD: 6d74f7e2-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85896

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

category:['network device']sub_category:gateway

Trust: 0.1

sources: OTHER: None // IVD: 6d74f7e2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-08447

AFFECTED PRODUCTS

vendor:motorolamodel:moscad ip gatewayscope:eqversion:*

Trust: 1.0

vendor:motorolamodel:moscad ip gatewayscope:eqversion: -

Trust: 0.8

vendor:motorolamodel:solutions inc moscad ip gatewayscope: - version: -

Trust: 0.6

vendor:motorolamodel:moscad ip gatewayscope: - version: -

Trust: 0.6

vendor:motorolamodel:moscad ip gatewayscope:eqversion:0

Trust: 0.3

vendor:moscad ip gatewaymodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 6d74f7e2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-08447 // BID: 79624 // JVNDB: JVNDB-2015-006513 // CNNVD: CNNVD-201512-543 // NVD: CVE-2015-7935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7935
value: HIGH

Trust: 1.0

NVD: CVE-2015-7935
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08447
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201512-543
value: MEDIUM

Trust: 0.6

IVD: 6d74f7e2-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-85896
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7935
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08447
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6d74f7e2-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-85896
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7935
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: IVD: 6d74f7e2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-08447 // VULHUB: VHN-85896 // JVNDB: JVNDB-2015-006513 // CNNVD: CNNVD-201512-543 // NVD: CVE-2015-7935

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85896 // JVNDB: JVNDB-2015-006513 // NVD: CVE-2015-7935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-543

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-543

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006513

PATCH
title:Top Pageurl:https://www.motorolasolutions.com/ja_jp.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006513

EXTERNAL IDS
db:NVDid:CVE-2015-7935
Trust: 3.7
db:ICS CERTid:ICSA-15-351-02
Trust: 2.8
db:BIDid:79624
Trust: 2.6
db:CNNVDid:CNNVD-201512-543
Trust: 0.9
db:CNVDid:CNVD-2015-08447
Trust: 0.8
db:JVNDBid:JVNDB-2015-006513
Trust: 0.8
db:IVDid:6D74F7E2-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-85896
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: 6d74f7e2-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-08447 // 
            
            
            
            VULHUB: VHN-85896 // 
            
            
            
            BID: 79624 // 
            
            
            
            JVNDB: JVNDB-2015-006513 // 
            
            
            
            CNNVD: CNNVD-201512-543 // 
            
            
            
            NVD: CVE-2015-7935

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-351-02
Trust: 2.8
url:http://www.securityfocus.com/bid/79624
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7935
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7935
Trust: 0.8
url:http://www.motorola.com/us
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2015-08447 // 
            
            
            
            VULHUB: VHN-85896 // 
            
            
            
            BID: 79624 // 
            
            
            
            JVNDB: JVNDB-2015-006513 // 
            
            
            
            CNNVD: CNNVD-201512-543 // 
            
            
            
            NVD: CVE-2015-7935

CREDITS
Aditya K. Sood
Trust: 0.9
sources:
            
            
            BID: 79624 // 
            
            
            
            CNNVD: CNNVD-201512-543

SOURCES
db:OTHERid: - 
db:IVDid:6d74f7e2-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-08447
db:VULHUBid:VHN-85896
db:BIDid:79624
db:JVNDBid:JVNDB-2015-006513
db:CNNVDid:CNNVD-201512-543
db:NVDid:CVE-2015-7935

LAST UPDATE DATE
2025-04-13T22:04:48.773000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08447date:2015-12-24T00:00:00
db:VULHUBid:VHN-85896date:2016-11-28T00:00:00
db:BIDid:79624date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006513date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201512-543date:2015-12-24T00:00:00
db:NVDid:CVE-2015-7935date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:6d74f7e2-2351-11e6-abef-000c29c66e3ddate:2015-12-24T00:00:00
db:CNVDid:CNVD-2015-08447date:2015-12-24T00:00:00
db:VULHUBid:VHN-85896date:2015-12-23T00:00:00
db:BIDid:79624date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006513date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201512-543date:2015-12-21T00:00:00
db:NVDid:CVE-2015-7935date:2015-12-23T03:59:05.217