Sign-up

ID

VAR-201603-0067


CVE

CVE-2015-6485


TITLE

plural Schneider Electric Vulnerabilities in which important information can be obtained from device memory in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2015-007003

DESCRIPTION

Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. SchneiderElectricTelventSage3030M is an industrial data communication device used by Schneider Electric in France for the energy sector. The SchneiderElectricTelventSage3030M failed to properly populate the data fields in the Ethernet packet, allowing remote attackers to exploit the vulnerability to submit special requests for sensitive information. Schneider Electric Telvent Sage 3030M, etc

Trust: 2.43

sources: NVD: CVE-2015-6485 // JVNDB: JVNDB-2015-007003 // CNVD: CNVD-2016-01662 // IVD: 5dc11a24-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-84446

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 5dc11a24-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01662

AFFECTED PRODUCTS

vendor:schneider electricmodel:sage 2300scope:eqversion: -

Trust: 1.2

vendor:schneider electricmodel:telvent rtuscope:eqversion:c3414-500-s02j1

Trust: 1.2

vendor:schneider electricmodel:telvent rtuscope:lteversion:c3414-500-s02j1

Trust: 1.0

vendor:schneider electricmodel:telvent rtuscope:lteversion:c3413-500-001d3

Trust: 1.0

vendor:schneider electricmodel:landac ii-2scope:ltversion:firmware c3414-500-s02j2

Trust: 0.8

vendor:schneider electricmodel:sage 1410 rtuscope:ltversion:firmware c3414-500-s02j2

Trust: 0.8

vendor:schneider electricmodel:sage 1430 rtuscope:ltversion:firmware c3414-500-s02j2

Trust: 0.8

vendor:schneider electricmodel:sage 1450 rtuscope:ltversion:firmware c3414-500-s02j2

Trust: 0.8

vendor:schneider electricmodel:sage 2300scope:ltversion:firmware c3413-500-s01

Trust: 0.8

vendor:schneider electricmodel:sage 2400 rtuscope:ltversion:firmware c3414-500-s02j2

Trust: 0.8

vendor:schneider electricmodel:sage 3030mscope:ltversion:firmware c3414-500-s02j2

Trust: 0.8

vendor:schneidermodel:electric telvent sage 3030m c3414-500-s02j2scope:ltversion: -

Trust: 0.6

vendor:schneidermodel:electric telvent sage c3414-500-s02j2scope:eqversion:1410<

Trust: 0.6

vendor:schneidermodel:electric telvent sage c3414-500-s02j2scope:eqversion:1430<

Trust: 0.6

vendor:schneidermodel:electric telvent sage c3414-500-s02j2scope:eqversion:1450<

Trust: 0.6

vendor:schneidermodel:electric telvent sage c3413-500-s01scope:eqversion:2300<

Trust: 0.6

vendor:schneidermodel:electric telvent sage c3414-500-s02j2scope:eqversion:2400<

Trust: 0.6

vendor:schneidermodel:electric landac ii-2 c3414-500-s02j2scope:ltversion: -

Trust: 0.6

vendor:telvent rtumodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 5dc11a24-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01662 // JVNDB: JVNDB-2015-007003 // CNNVD: CNNVD-201603-171 // NVD: CVE-2015-6485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6485
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6485
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-01662
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201603-171
value: MEDIUM

Trust: 0.6

IVD: 5dc11a24-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-84446
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6485
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01662
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5dc11a24-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-84446
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6485
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: IVD: 5dc11a24-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01662 // VULHUB: VHN-84446 // JVNDB: JVNDB-2015-007003 // CNNVD: CNNVD-201603-171 // NVD: CVE-2015-6485

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84446 // JVNDB: JVNDB-2015-007003 // NVD: CVE-2015-6485

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-171

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201603-171

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007003

PATCH
title:SAGEurl:https://infrastructurecommunity.schneider-electric.com/community/products/infrastructure-products/sage
Trust: 0.8
title:Patches for multiple SchneiderElectricTelvent product data breach vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/72718
Trust: 0.6
title:Multiple Schneider Electric Telvent Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60531
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-01662 // 
            
            
            
            JVNDB: JVNDB-2015-007003 // 
            
            
            
            CNNVD: CNNVD-201603-171

EXTERNAL IDS
db:NVDid:CVE-2015-6485
Trust: 3.3
db:ICS CERTid:ICSA-16-070-01
Trust: 3.1
db:CNNVDid:CNNVD-201603-171
Trust: 0.9
db:CNVDid:CNVD-2016-01662
Trust: 0.8
db:JVNDBid:JVNDB-2015-007003
Trust: 0.8
db:IVDid:5DC11A24-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:BIDid:84315
Trust: 0.1
db:VULHUBid:VHN-84446
Trust: 0.1
sources:
            
            
            IVD: 5dc11a24-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-01662 // 
            
            
            
            VULHUB: VHN-84446 // 
            
            
            
            JVNDB: JVNDB-2015-007003 // 
            
            
            
            CNNVD: CNNVD-201603-171 // 
            
            
            
            NVD: CVE-2015-6485

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-070-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6485
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6485
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-01662 // 
            
            
            
            VULHUB: VHN-84446 // 
            
            
            
            JVNDB: JVNDB-2015-007003 // 
            
            
            
            CNNVD: CNNVD-201603-171 // 
            
            
            
            NVD: CVE-2015-6485

SOURCES
db:IVDid:5dc11a24-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-01662
db:VULHUBid:VHN-84446
db:JVNDBid:JVNDB-2015-007003
db:CNNVDid:CNNVD-201603-171
db:NVDid:CVE-2015-6485

LAST UPDATE DATE
2025-04-12T23:08:57.367000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01662date:2016-03-16T00:00:00
db:VULHUBid:VHN-84446date:2018-10-30T00:00:00
db:JVNDBid:JVNDB-2015-007003date:2016-03-23T00:00:00
db:CNNVDid:CNNVD-201603-171date:2016-03-14T00:00:00
db:NVDid:CVE-2015-6485date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:5dc11a24-2351-11e6-abef-000c29c66e3ddate:2016-03-16T00:00:00
db:CNVDid:CNVD-2016-01662date:2016-03-16T00:00:00
db:VULHUBid:VHN-84446date:2016-03-12T00:00:00
db:JVNDBid:JVNDB-2015-007003date:2016-03-23T00:00:00
db:CNNVDid:CNNVD-201603-171date:2016-03-11T00:00:00
db:NVDid:CVE-2015-6485date:2016-03-12T02:59:00.113