Sign-up

ID

VAR-201512-0070


CVE

CVE-2015-6471


TITLE

Eaton Cooper Power System Form 6 Control and Idea/IdeaPLUS Relays Run on ProView Vulnerability where important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-006511

DESCRIPTION

Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. Eaton Form 6 control and Idea/IdeaPLUS are products of Eaton Corporation of the United States. The former is a controller product that provides instant access operations and quickly determines device status and locates device failures. The latter is a relay protection platform. An attacker could exploit the vulnerability to disclose information. Multiple Eaton Cooper Power Systems products are prone to an information-disclosure vulnerability

Trust: 2.7

sources: NVD: CVE-2015-6471 // JVNDB: JVNDB-2015-006511 // CNVD: CNVD-2015-07811 // BID: 77819 // IVD: 1899dbe4-82f8-4e24-a1ab-d648877eec3f // VULMON: CVE-2015-6471

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 1899dbe4-82f8-4e24-a1ab-d648877eec3f // CNVD: CNVD-2015-07811

AFFECTED PRODUCTS

vendor:eatonmodel:proviewscope:eqversion:5.0.2

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.9

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.5

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.6

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.1

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.3

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:4.0

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.10

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.4

Trust: 1.6

vendor:eatonmodel:proviewscope:eqversion:5.0.8

Trust: 1.0

vendor:eatonmodel:proviewscope:eqversion:5.0.7

Trust: 1.0

vendor:eatonmodel:proviewscope:eqversion:5.1

Trust: 0.8

vendor:eatonmodel:proviewscope:eqversion:4.x

Trust: 0.8

vendor:eatonmodel:proviewscope:ltversion:5.x

Trust: 0.8

vendor:eatonmodel:form controlscope:eqversion:6

Trust: 0.6

vendor:eatonmodel:dea/ideaplusscope: - version: -

Trust: 0.6

vendor:eatonmodel:cooper power systems form recloser control pro viewscope:eqversion:65.0

Trust: 0.3

vendor:eatonmodel:cooper power systems form recloser control pro viewscope:eqversion:64.0

Trust: 0.3

vendor:eatonmodel:cooper power systems edison idea relays pro viewscope:eqversion:5.0

Trust: 0.3

vendor:eatonmodel:cooper power systems edison idea relays pro viewscope:eqversion:4.0

Trust: 0.3

vendor:proviewmodel: - scope:eqversion:4.0

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.1

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.2

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.3

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.4

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.5

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.6

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.7

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.8

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.9

Trust: 0.2

vendor:proviewmodel: - scope:eqversion:5.0.10

Trust: 0.2

sources: IVD: 1899dbe4-82f8-4e24-a1ab-d648877eec3f // CNVD: CNVD-2015-07811 // BID: 77819 // JVNDB: JVNDB-2015-006511 // CNNVD: CNNVD-201511-420 // NVD: CVE-2015-6471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6471
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6471
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07811
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-420
value: MEDIUM

Trust: 0.6

IVD: 1899dbe4-82f8-4e24-a1ab-d648877eec3f
value: MEDIUM

Trust: 0.2

VULMON: CVE-2015-6471
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6471
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-07811
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1899dbe4-82f8-4e24-a1ab-d648877eec3f
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2015-6471
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: IVD: 1899dbe4-82f8-4e24-a1ab-d648877eec3f // CNVD: CNVD-2015-07811 // VULMON: CVE-2015-6471 // JVNDB: JVNDB-2015-006511 // CNNVD: CNNVD-201511-420 // NVD: CVE-2015-6471

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2015-006511 // NVD: CVE-2015-6471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-420

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-420

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006511

PATCH
title:ProView Software Downloadurl:http://www.cooperindustries.com/content/public/en/power_systems/products/controls_and_relays/recloser_controls/proview-software-for-form-6-control.html
Trust: 0.8
title:Patch for Eaton Form 6 control and Idea/IdeaPLUS Information Disclosure Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/67229
Trust: 0.6
title:Eaton Form 6 control  and Idea/IdeaPLUS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58855
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-07811 // 
            
            
            
            JVNDB: JVNDB-2015-006511 // 
            
            
            
            CNNVD: CNNVD-201511-420

EXTERNAL IDS
db:NVDid:CVE-2015-6471
Trust: 3.6
db:ICS CERTid:ICSA-15-295-01
Trust: 3.4
db:CNVDid:CNVD-2015-07811
Trust: 0.8
db:CNNVDid:CNNVD-201511-420
Trust: 0.8
db:JVNDBid:JVNDB-2015-006511
Trust: 0.8
db:BIDid:77819
Trust: 0.4
db:IVDid:1899DBE4-82F8-4E24-A1AB-D648877EEC3F
Trust: 0.2
db:VULMONid:CVE-2015-6471
Trust: 0.1
sources:
            
            
            IVD: 1899dbe4-82f8-4e24-a1ab-d648877eec3f // 
            
            
            
            CNVD: CNVD-2015-07811 // 
            
            
            
            VULMON: CVE-2015-6471 // 
            
            
            
            BID: 77819 // 
            
            
            
            JVNDB: JVNDB-2015-006511 // 
            
            
            
            CNNVD: CNNVD-201511-420 // 
            
            
            
            NVD: CVE-2015-6471

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-295-01
Trust: 3.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6471
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6471
Trust: 0.8
url:http://www.ibm.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/77819
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07811 // 
            
            
            
            VULMON: CVE-2015-6471 // 
            
            
            
            BID: 77819 // 
            
            
            
            JVNDB: JVNDB-2015-006511 // 
            
            
            
            CNNVD: CNNVD-201511-420 // 
            
            
            
            NVD: CVE-2015-6471

CREDITS
David Formby and Raheem Beyah of Georgia Tech
Trust: 0.3
sources:
            
            
            BID: 77819

SOURCES
db:IVDid:1899dbe4-82f8-4e24-a1ab-d648877eec3f
db:CNVDid:CNVD-2015-07811
db:VULMONid:CVE-2015-6471
db:BIDid:77819
db:JVNDBid:JVNDB-2015-006511
db:CNNVDid:CNNVD-201511-420
db:NVDid:CVE-2015-6471

LAST UPDATE DATE
2025-04-13T23:18:01.971000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-07811date:2015-11-27T00:00:00
db:VULMONid:CVE-2015-6471date:2015-12-23T00:00:00
db:BIDid:77819date:2015-11-24T00:00:00
db:JVNDBid:JVNDB-2015-006511date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201511-420date:2015-12-24T00:00:00
db:NVDid:CVE-2015-6471date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:1899dbe4-82f8-4e24-a1ab-d648877eec3fdate:2015-11-27T00:00:00
db:CNVDid:CNVD-2015-07811date:2015-11-27T00:00:00
db:VULMONid:CVE-2015-6471date:2015-12-23T00:00:00
db:BIDid:77819date:2015-11-24T00:00:00
db:JVNDBid:JVNDB-2015-006511date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201511-420date:2015-11-25T00:00:00
db:NVDid:CVE-2015-6471date:2015-12-23T03:59:01.170