Search criteria
6 vulnerabilities found for midas_firmware by honeywell
FKIE_CVE-2015-7908
Vulnerability from fkie_nvd - Published: 2015-12-21 11:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | midas_firmware | * | |
| honeywell | midas | - | |
| honeywell | midas_black_firmware | * | |
| honeywell | midas_black | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:midas_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56D32C02-3E80-42C7-97A9-C308BDCC2EAC",
"versionEndIncluding": "1.13b1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:midas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF8434A-BEB5-43E1-B7D9-E6D38EA08F10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:midas_black_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71AF6C8E-7ABC-4885-8199-FBC20184143B",
"versionEndIncluding": "2.13b1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:midas_black:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D03830CD-24B1-4AB5-8069-3E7E323C7E34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network."
},
{
"lang": "es",
"value": "Detectores de gas Honeywell Midas en versiones anteriores a 1.13b3 y detectores de gas Midas Black en versiones anteriores a 2.13b3 permiten a atacantes remotos descubrir contrase\u00f1as en texto plano rastreando la red."
}
],
"id": "CVE-2015-7908",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-12-21T11:59:10.220",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7907
Vulnerability from fkie_nvd - Published: 2015-12-21 11:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | midas_black_firmware | * | |
| honeywell | midas_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:midas_black_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71AF6C8E-7ABC-4885-8199-FBC20184143B",
"versionEndIncluding": "2.13b1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:midas_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56D32C02-3E80-42C7-97A9-C308BDCC2EAC",
"versionEndIncluding": "1.13b1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor web en los detectores de gas de Honeywell Midas en versiones anteriores a 1.13b3 y en detectores de gas de Midas Black en versiones anteriores a 2.13b3 permite a atacantes remotos eludir la autenticaci\u00f3n y escribir a un archivo de configuraci\u00f3n o desencadenar una calibraci\u00f3n o una prueba a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7907",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-21T11:59:09.190",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-7907 (GCVE-0-2015-7907)
Vulnerability from cvelistv5 – Published: 2015-12-21 11:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-21T08:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-7907",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7908 (GCVE-0-2015-7908)
Vulnerability from cvelistv5 – Published: 2015-12-21 11:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-21T08:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-7908",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7907 (GCVE-0-2015-7907)
Vulnerability from nvd – Published: 2015-12-21 11:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-21T08:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-7907",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7908 (GCVE-0-2015-7908)
Vulnerability from nvd – Published: 2015-12-21 11:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-21T08:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-7908",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}