Sign-up

ID

VAR-201601-0060


CVE

CVE-2015-7938


TITLE

Advantech EKI-132x Vulnerabilities that bypass authentication in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2015-006784

DESCRIPTION

Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. Advantech EKI-132x The device firmware contains a vulnerability that prevents authentication.Authentication may be bypassed by a third party. The Advantech EKI-132x is a serial device networking server from Advantech, Inc., which provides a variety of redundant configurations and multiple access configurations for remote monitoring of serial devices over Ethernet communication protocols. Advantech EKI products are prone to a security-bypass vulnerability

Trust: 2.7

sources: NVD: CVE-2015-7938 // JVNDB: JVNDB-2015-006784 // CNVD: CNVD-2016-00208 // BID: 80375 // IVD: 661b6b70-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85899

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 661b6b70-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00208

AFFECTED PRODUCTS

vendor:advantechmodel:eki-1321 seriesscope:lteversion:2015-10-06

Trust: 1.0

vendor:advantechmodel:eki-1322 seriesscope:lteversion:2015-10-06

Trust: 1.0

vendor:advantechmodel:eki-1321scope: - version: -

Trust: 0.8

vendor:advantechmodel:eki-1321 seriesscope:ltversion:2015-12-31

Trust: 0.8

vendor:advantechmodel:eki-1322scope: - version: -

Trust: 0.8

vendor:advantechmodel:eki-1322 seriesscope:ltversion:2015-12-31

Trust: 0.8

vendor:advantechmodel:eki-132x devices withscope:ltversion:2015-12-31

Trust: 0.6

vendor:advantechmodel:eki-1322 seriesscope:eqversion:2015-10-06

Trust: 0.6

vendor:advantechmodel:eki-1321 seriesscope:eqversion:2015-10-06

Trust: 0.6

vendor:advantechmodel:eki-1320scope:eqversion:0

Trust: 0.3

vendor:advantechmodel:eki-1320scope:neversion:2015-12-31

Trust: 0.3

vendor:eki 1321 seriesmodel: - scope:eqversion:*

Trust: 0.2

vendor:eki 1322 seriesmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 661b6b70-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00208 // BID: 80375 // JVNDB: JVNDB-2015-006784 // CNNVD: CNNVD-201601-165 // NVD: CVE-2015-7938

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7938
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-7938
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-00208
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201601-165
value: CRITICAL

Trust: 0.6

IVD: 661b6b70-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-85899
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7938
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00208
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 661b6b70-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-85899
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7938
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: 661b6b70-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00208 // VULHUB: VHN-85899 // JVNDB: JVNDB-2015-006784 // CNNVD: CNNVD-201601-165 // NVD: CVE-2015-7938

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-85899 // JVNDB: JVNDB-2015-006784 // NVD: CVE-2015-7938

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-165

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201601-165

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006784

PATCH
title:EKI-1321url:http://www.advantech.co.jp/products/gf-5tqv/eki-1321/mod_9143df48-02da-47e9-b6de-4ab9660a6724
Trust: 0.8
title:EKI-1322url:http://www.advantech.co.jp/products/gf-5tqv/eki-1322/mod_c763aa63-c9d1-4dc6-85f6-3224786fb30a
Trust: 0.8
title:Advantech EKI-132x device verifies patches that bypass the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/69894
Trust: 0.6
title:Advantech EKI-132x Repair measures for device security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59519
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-00208 // 
            
            
            
            JVNDB: JVNDB-2015-006784 // 
            
            
            
            CNNVD: CNNVD-201601-165

EXTERNAL IDS
db:NVDid:CVE-2015-7938
Trust: 3.6
db:ICS CERTid:ICSA-15-344-01
Trust: 3.4
db:CNNVDid:CNNVD-201601-165
Trust: 0.9
db:CNVDid:CNVD-2016-00208
Trust: 0.8
db:JVNDBid:JVNDB-2015-006784
Trust: 0.8
db:BIDid:80375
Trust: 0.4
db:IVDid:661B6B70-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-85899
Trust: 0.1
sources:
            
            
            IVD: 661b6b70-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-00208 // 
            
            
            
            VULHUB: VHN-85899 // 
            
            
            
            BID: 80375 // 
            
            
            
            JVNDB: JVNDB-2015-006784 // 
            
            
            
            CNNVD: CNNVD-201601-165 // 
            
            
            
            NVD: CVE-2015-7938

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-344-01
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7938
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7938
Trust: 0.8
url:http://www.advantech.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-00208 // 
            
            
            
            VULHUB: VHN-85899 // 
            
            
            
            BID: 80375 // 
            
            
            
            JVNDB: JVNDB-2015-006784 // 
            
            
            
            CNNVD: CNNVD-201601-165 // 
            
            
            
            NVD: CVE-2015-7938

CREDITS
HD Moore
Trust: 0.3
sources:
            
            
            BID: 80375

SOURCES
db:IVDid:661b6b70-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-00208
db:VULHUBid:VHN-85899
db:BIDid:80375
db:JVNDBid:JVNDB-2015-006784
db:CNNVDid:CNNVD-201601-165
db:NVDid:CVE-2015-7938

LAST UPDATE DATE
2025-04-13T20:10:05.425000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-00208date:2016-01-14T00:00:00
db:VULHUBid:VHN-85899date:2016-01-18T00:00:00
db:BIDid:80375date:2016-01-08T00:00:00
db:JVNDBid:JVNDB-2015-006784date:2016-01-19T00:00:00
db:CNNVDid:CNNVD-201601-165date:2016-01-11T00:00:00
db:NVDid:CVE-2015-7938date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:661b6b70-2351-11e6-abef-000c29c66e3ddate:2016-01-14T00:00:00
db:CNVDid:CNVD-2016-00208date:2016-01-14T00:00:00
db:VULHUBid:VHN-85899date:2016-01-09T00:00:00
db:BIDid:80375date:2016-01-08T00:00:00
db:JVNDBid:JVNDB-2015-006784date:2016-01-19T00:00:00
db:CNNVDid:CNNVD-201601-165date:2016-01-11T00:00:00
db:NVDid:CVE-2015-7938date:2016-01-09T02:59:11.877