ID
VAR-201605-0034
CVE
CVE-2016-2311
TITLE
Black Box AlertWerks ServSensor Vulnerability to obtain administrator and user passwords in product firmware
Trust: 0.8
DESCRIPTION
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors. Black Box AlertWerks ServSensor is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. AlertWerks ServSensor is a core product for environmental monitoring system; AlertWerks ServSensor Junior is a remote environmental monitoring host product. The following models and versions are affected: Black Box AlertWerks ServSensor, EME105A, EME106A, EME108A-R2, EME109A-R2, EME110A-R2, AlertWerks ServSensor Junior, EME102A-R2, EME103A-R2, EME104A-R2, ServSensor Junior with PoE, EME152A, EME153A, EME154A, EME155A, EME158A, AlertWerks ServSensor Contact, EME111A-20-R2, EME111A?60-R2, EME112A-20-R2, EME112A-60-R2, EME113A, EME132A-20-R ?60-R2
Trust: 1.98
IOT TAXONOMY
| category: | ['network device'] | sub_category: | gateway | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | blackbox | model: | alertwerks servsensor junior | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | blackbox | model: | alertwerks servsensor | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | blackbox | model: | alertwerks servsensor contact | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | black box network services | model: | alertwerks servsensor | scope: | - | version: | - | Trust: 0.8 |
| vendor: | black box network services | model: | alertwerks servsensor contact | scope: | - | version: | - | Trust: 0.8 |
| vendor: | black box network services | model: | alertwerks servsensor contact | scope: | lt | version: | sp473 | Trust: 0.8 |
| vendor: | black box network services | model: | alertwerks servsensor junior | scope: | eq | version: | none | Trust: 0.8 |
| vendor: | black box network services | model: | alertwerks servsensor junior | scope: | eq | version: | with poe | Trust: 0.8 |
| vendor: | black box network services | model: | alertwerks servsensor junior | scope: | lt | version: | sp473 | Trust: 0.8 |
| vendor: | black box network services | model: | alertwerks servsensor junior | scope: | lt | version: | sp473 (with poe) | Trust: 0.8 |
| vendor: | black box network services | model: | alertwerks servsensor | scope: | lt | version: | sp473 | Trust: 0.8 |
| vendor: | blackbox | model: | alertwerks servsensor junior eme152a | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor eme108a-r2 | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor junior eme155a | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor eme106a | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor junior eme154a | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor eme105a | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor eme109a-r2 | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor junior eme158a | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor junior eme153a | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | blackbox | model: | alertwerks servsensor eme110a-r2 | scope: | eq | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
| problemtype: | CWE-255 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | AlertWerks | url: | https://www.blackbox.co.jp/ja-jp/s///AlertWerks | Trust: 0.8 |
| title: | Multiple Black Box AlertWerks ServSensor Product security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61962 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-2311 | Trust: 2.9 |
| db: | ICS CERT | id: | ICSA-16-147-03 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2016-002966 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201605-652 | Trust: 0.7 |
| db: | BID | id: | 90899 | Trust: 0.4 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | VULHUB | id: | VHN-91130 | Trust: 0.1 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-16-147-03 | Trust: 2.5 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2311 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2311 | Trust: 0.8 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
CREDITS
Lee Ryman
Trust: 0.3
SOURCES
| db: | OTHER | id: | - |
| db: | VULHUB | id: | VHN-91130 |
| db: | BID | id: | 90899 |
| db: | JVNDB | id: | JVNDB-2016-002966 |
| db: | CNNVD | id: | CNNVD-201605-652 |
| db: | NVD | id: | CVE-2016-2311 |
LAST UPDATE DATE
2025-04-13T22:17:36.594000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-91130 | date: | 2017-04-07T00:00:00 |
| db: | BID | id: | 90899 | date: | 2016-05-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-002966 | date: | 2016-06-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201605-652 | date: | 2016-05-31T00:00:00 |
| db: | NVD | id: | CVE-2016-2311 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-91130 | date: | 2016-05-30T00:00:00 |
| db: | BID | id: | 90899 | date: | 2016-05-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-002966 | date: | 2016-06-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201605-652 | date: | 2016-05-27T00:00:00 |
| db: | NVD | id: | CVE-2016-2311 | date: | 2016-05-30T01:59:06.003 |