VAR-201512-0024
Vulnerability from variot - Updated: 2023-12-18 12:44The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. The Adcon Telemetry A840 Telemetry Gateway is a core gateway product for monitoring networks in Adcon Telemetry, Austria. A hard-coded credentials security-bypass vulnerability 2. Multiple information-disclosure vulnerabilities 3. An authentication-bypass vulnerability Attackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks. The vulnerability is due to the fact that the program does not use SSL to encrypt network communication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0024",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a840 telemetry gateway base station",
"scope": "eq",
"trust": 1.0,
"vendor": "adcon",
"version": "*"
},
{
"model": "a840 telemetry gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "adcon telemetry",
"version": null
},
{
"model": "telemetry a840 telemetry gateway icsa-15-349-01",
"scope": null,
"trust": 0.6,
"vendor": "adcon",
"version": null
},
{
"model": "a840 telemetry gateway base station",
"scope": null,
"trust": 0.6,
"vendor": "adcon",
"version": null
},
{
"model": "telemetry a850 telemetry gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "adcon",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"db": "BID",
"id": "79345"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adcon:a840_telemetry_gateway_base_station_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya K. Sood",
"sources": [
{
"db": "BID",
"id": "79345"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7931",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7931",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-08493",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85892",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7931",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7931",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08493",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-504",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85892",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7931",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"db": "VULHUB",
"id": "VHN-85892"
},
{
"db": "VULMON",
"id": "CVE-2015-7931"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. The Adcon Telemetry A840 Telemetry Gateway is a core gateway product for monitoring networks in Adcon Telemetry, Austria. A hard-coded credentials security-bypass vulnerability\n2. Multiple information-disclosure vulnerabilities\n3. An authentication-bypass vulnerability\nAttackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks. The vulnerability is due to the fact that the program does not use SSL to encrypt network communication",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"db": "BID",
"id": "79345"
},
{
"db": "VULHUB",
"id": "VHN-85892"
},
{
"db": "VULMON",
"id": "CVE-2015-7931"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-15-349-01",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2015-7931",
"trust": 3.5
},
{
"db": "BID",
"id": "79345",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-504",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08493",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85892",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7931",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"db": "VULHUB",
"id": "VHN-85892"
},
{
"db": "VULMON",
"id": "CVE-2015-7931"
},
{
"db": "BID",
"id": "79345"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
]
},
"id": "VAR-201512-0024",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"db": "VULHUB",
"id": "VHN-85892"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08493"
}
]
},
"last_update_date": "2023-12-18T12:44:57.670000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Base Stations",
"trust": 0.8,
"url": "http://www.adcon.at/index.php?option=com_hikashop\u0026view=product\u0026layout=listing\u0026itemid=219\u0026lang=en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85892"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"db": "NVD",
"id": "CVE-2015-7931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-349-01"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/79345"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7931"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7931"
},
{
"trust": 0.3,
"url": "http://www.adcon.at/index.php?option=com_content\u0026view=article\u0026id=75:a850-telemetry-gateway\u0026catid=8\u0026itemid=196\u0026lang=en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"db": "VULHUB",
"id": "VHN-85892"
},
{
"db": "VULMON",
"id": "CVE-2015-7931"
},
{
"db": "BID",
"id": "79345"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"db": "VULHUB",
"id": "VHN-85892"
},
{
"db": "VULMON",
"id": "CVE-2015-7931"
},
{
"db": "BID",
"id": "79345"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"date": "2015-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-85892"
},
{
"date": "2015-12-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7931"
},
{
"date": "2015-12-15T00:00:00",
"db": "BID",
"id": "79345"
},
{
"date": "2015-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"date": "2015-12-24T01:59:01.113000",
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"date": "2015-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08493"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85892"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7931"
},
{
"date": "2015-12-15T00:00:00",
"db": "BID",
"id": "79345"
},
{
"date": "2015-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006523"
},
{
"date": "2016-11-28T19:45:01.130000",
"db": "NVD",
"id": "CVE-2015-7931"
},
{
"date": "2015-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adcon Telemetry A840 Telemetry Gateway Base station Java Client impersonation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006523"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-504"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…