Sign-up

ID

VAR-201512-0028


CVE

CVE-2015-7936


TITLE

Motorola Solutions MOSCAD SCADA IP Gateway Cross-Site Request Forgery Vulnerability

Trust: 1.4

sources: IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-08448 // CNNVD: CNNVD-201512-544

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. Motorola Solutions MOSCAD SCADA IP Gateway is a set of Web-based management system-based SCADA systems from Motorola Solutions. An attacker can exploit these vulnerabilities to obtain potentially sensitive information, execute arbitrary script code in the context of the web server process and to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. A remote attacker can exploit this vulnerability to change the password

Trust: 2.7

sources: NVD: CVE-2015-7936 // JVNDB: JVNDB-2015-006514 // CNVD: CNVD-2015-08448 // BID: 79624 // IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85897

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

category:['network device']sub_category:gateway

Trust: 0.1

sources: OTHER: None // IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-08448

AFFECTED PRODUCTS

vendor:motorolamodel:moscad ip gatewayscope:eqversion:*

Trust: 1.0

vendor:motorolamodel:moscad ip gatewayscope:eqversion: -

Trust: 0.8

vendor:motorolamodel:solutions inc moscad ip gatewayscope: - version: -

Trust: 0.6

vendor:motorolamodel:moscad ip gatewayscope: - version: -

Trust: 0.6

vendor:motorolamodel:moscad ip gatewayscope:eqversion:0

Trust: 0.3

vendor:moscad ip gatewaymodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-08448 // BID: 79624 // JVNDB: JVNDB-2015-006514 // CNNVD: CNNVD-201512-544 // NVD: CVE-2015-7936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7936
value: HIGH

Trust: 1.0

NVD: CVE-2015-7936
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08448
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201512-544
value: MEDIUM

Trust: 0.6

IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-85897
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7936
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08448
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-85897
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7936
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-08448 // VULHUB: VHN-85897 // JVNDB: JVNDB-2015-006514 // CNNVD: CNNVD-201512-544 // NVD: CVE-2015-7936

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-85897 // JVNDB: JVNDB-2015-006514 // NVD: CVE-2015-7936

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-544

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201512-544

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006514

PATCH
title:Top Pageurl:https://www.motorolasolutions.com/ja_jp.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006514

EXTERNAL IDS
db:NVDid:CVE-2015-7936
Trust: 3.7
db:ICS CERTid:ICSA-15-351-02
Trust: 2.8
db:BIDid:79624
Trust: 2.6
db:CNNVDid:CNNVD-201512-544
Trust: 0.9
db:CNVDid:CNVD-2015-08448
Trust: 0.8
db:JVNDBid:JVNDB-2015-006514
Trust: 0.8
db:IVDid:6D73BC1A-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-85897
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: 6d73bc1a-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-08448 // 
            
            
            
            VULHUB: VHN-85897 // 
            
            
            
            BID: 79624 // 
            
            
            
            JVNDB: JVNDB-2015-006514 // 
            
            
            
            CNNVD: CNNVD-201512-544 // 
            
            
            
            NVD: CVE-2015-7936

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-351-02
Trust: 2.8
url:http://www.securityfocus.com/bid/79624
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7936
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7936
Trust: 0.8
url:http://www.motorola.com/us
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2015-08448 // 
            
            
            
            VULHUB: VHN-85897 // 
            
            
            
            BID: 79624 // 
            
            
            
            JVNDB: JVNDB-2015-006514 // 
            
            
            
            CNNVD: CNNVD-201512-544 // 
            
            
            
            NVD: CVE-2015-7936

CREDITS
Aditya K. Sood
Trust: 0.9
sources:
            
            
            BID: 79624 // 
            
            
            
            CNNVD: CNNVD-201512-544

SOURCES
db:OTHERid: - 
db:IVDid:6d73bc1a-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-08448
db:VULHUBid:VHN-85897
db:BIDid:79624
db:JVNDBid:JVNDB-2015-006514
db:CNNVDid:CNNVD-201512-544
db:NVDid:CVE-2015-7936

LAST UPDATE DATE
2025-04-13T21:04:33.851000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08448date:2015-12-24T00:00:00
db:VULHUBid:VHN-85897date:2016-11-28T00:00:00
db:BIDid:79624date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006514date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201512-544date:2015-12-24T00:00:00
db:NVDid:CVE-2015-7936date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:6d73bc1a-2351-11e6-abef-000c29c66e3ddate:2015-12-24T00:00:00
db:CNVDid:CNVD-2015-08448date:2015-12-24T00:00:00
db:VULHUBid:VHN-85897date:2015-12-23T00:00:00
db:BIDid:79624date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006514date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201512-544date:2015-12-21T00:00:00
db:NVDid:CVE-2015-7936date:2015-12-23T03:59:06.187