Vulnerabilites related to advantech - eki-1222
var-201502-0270
Vulnerability from variot
Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech EKI-1200 Gateway is Advantech's EKI-1200 series Modbus data gateway product, which is mainly used to integrate Modbus/RTU and Modbus/ASCI serial devices into a two-way gateway based on TCP/IP network. An unknown buffer overflow vulnerability exists in the Advantech EKI-1200 Series. Advantech EKI-1200 Series is prone to an unspecified buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eki-1200 gateway series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.62"
},
{
"model": "eki-1200 modbus gateway series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.63"
},
{
"model": "eki-1221",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1221d",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1222",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1222d",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1224",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1200 gateway",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.63"
},
{
"model": "eki-1200 gateway series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.62"
},
{
"model": "eki-1200",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "1.6"
},
{
"model": "eki-1200",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1200 gateway series",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "BID",
"id": "72580"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
},
{
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:advantech:eki-1200_gateway_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1221",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1221d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1222",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1222d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1224",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Enrique Nissim and Pablo Lorenzzato from Core Security Engineering Team",
"sources": [
{
"db": "BID",
"id": "72580"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8385",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a23796e2-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-76330",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8385",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8385",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-01247",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-296",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-76330",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "VULHUB",
"id": "VHN-76330"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
},
{
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech EKI-1200 Gateway is Advantech\u0027s EKI-1200 series Modbus data gateway product, which is mainly used to integrate Modbus/RTU and Modbus/ASCI serial devices into a two-way gateway based on TCP/IP network. An unknown buffer overflow vulnerability exists in the Advantech EKI-1200 Series. Advantech EKI-1200 Series is prone to an unspecified buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8385"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "BID",
"id": "72580"
},
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76330"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8385",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-041-01",
"trust": 3.4
},
{
"db": "BID",
"id": "72580",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-01247",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887",
"trust": 0.8
},
{
"db": "IVD",
"id": "A23796E2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76330",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "VULHUB",
"id": "VHN-76330"
},
{
"db": "BID",
"id": "72580"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
},
{
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"id": "VAR-201502-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "VULHUB",
"id": "VHN-76330"
}
],
"trust": 1.7000000000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01247"
}
]
},
"last_update_date": "2024-11-23T22:27:11.774000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Modbus\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4",
"trust": 0.8,
"url": "http://www.advantech.co.jp/products/Modbus-Gateway/sub_GF-5TZ5.aspx"
},
{
"title": "Firmware Ver. 1.63 for Modbus Gateway EKI-1221D-AE",
"trust": 0.8,
"url": "http://support.advantech.com.tw/Support/DownloadSRDetail_New.aspx?SR_ID=1-V6XOHK\u0026amp;Doc_Source=Download"
},
{
"title": "Patch for Unknown Buffer Overflow Vulnerability in Advantech EKI-1200 Series",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/55469"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76330"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-041-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8385"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72580/info"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72580"
},
{
"trust": 0.3,
"url": "http://www.advantech.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "VULHUB",
"id": "VHN-76330"
},
{
"db": "BID",
"id": "72580"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
},
{
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"db": "VULHUB",
"id": "VHN-76330"
},
{
"db": "BID",
"id": "72580"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
},
{
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-27T00:00:00",
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"date": "2015-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-76330"
},
{
"date": "2015-02-10T00:00:00",
"db": "BID",
"id": "72580"
},
{
"date": "2015-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"date": "2015-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-296"
},
{
"date": "2015-02-13T02:59:07.127000",
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01247"
},
{
"date": "2015-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-76330"
},
{
"date": "2015-02-10T00:00:00",
"db": "BID",
"id": "72580"
},
{
"date": "2015-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007887"
},
{
"date": "2015-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-296"
},
{
"date": "2024-11-21T02:18:59.953000",
"db": "NVD",
"id": "CVE-2014-8385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech EKI-1200 Gateway firmware buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007887"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a23796e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-296"
}
],
"trust": 0.8
}
}
var-201511-0046
Vulnerability from variot
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party SSH Access may be gained through a session. Advantech EKI-122x-BE, EKI-132x and EKI-136x are all serial device networking servers of Advantech, Inc., which provide various redundant configurations and multiple channels for remote monitoring of serial devices via Ethernet communication protocol. Access configuration. Security vulnerabilities exist in several Advantech products. Multiple Advantech EKI products are prone to a security-bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eki-1322 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-122x series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.49"
},
{
"model": "eki-1321 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-1361 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-1362 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-1221",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1221d",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1222",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1222d",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1224",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-122x series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.65"
},
{
"model": "eki-1321",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1321 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-1322",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1322 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-1361",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1361 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-1362",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1362 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-122x-be",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.65"
},
{
"model": "eki-132x",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-136x",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-1361 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-122x series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.49"
},
{
"model": "eki-1321 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-1362 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-1322 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-1360",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": "eki-1320",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": "eki-1220-be",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": "eki-1360",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-1320",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-1220-be",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "1.65"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1321 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1322 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1361 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1362 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 122x series",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:advantech:eki-1221",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1221d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1222",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1222d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1224",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-122x_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1321",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1321_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1322",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1322_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1361",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1361_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1362",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1362_series_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Neil Smith",
"sources": [
{
"db": "BID",
"id": "77498"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6476",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6476",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07475",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-84437",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6476",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6476",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07475",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-113",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84437",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party SSH Access may be gained through a session. Advantech EKI-122x-BE, EKI-132x and EKI-136x are all serial device networking servers of Advantech, Inc., which provide various redundant configurations and multiple channels for remote monitoring of serial devices via Ethernet communication protocol. Access configuration. Security vulnerabilities exist in several Advantech products. Multiple Advantech EKI products are prone to a security-bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6476"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84437"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6476",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-309-01",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07475",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812",
"trust": 0.8
},
{
"db": "BID",
"id": "77498",
"trust": 0.4
},
{
"db": "IVD",
"id": "7C6174C4-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89764",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84437",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"id": "VAR-201511-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
}
]
},
"last_update_date": "2024-11-23T22:56:23.681000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EKI-136*",
"trust": 0.8,
"url": "http://support.advantech.com.tw/Support/SearchResult.aspx?keyword=EKI-136*\u0026searchtabs=Firmware"
},
{
"title": "EKI-132*",
"trust": 0.8,
"url": "http://support.advantech.com.tw/Support/SearchResult.aspx?keyword=EKI-132*\u0026searchtabs=Firmware"
},
{
"title": "EKI-122*",
"trust": 0.8,
"url": "http://support.advantech.com.tw/Support/SearchResult.aspx?keyword=EKI-122*\u0026searchtabs=Firmware"
},
{
"title": "Patches for several Advantech product SSH key vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66571"
},
{
"title": "Multiple Advantech Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58608"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-309-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6476"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6476"
},
{
"trust": 0.3,
"url": "http://www.advantech.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"date": "2015-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84437"
},
{
"date": "2015-11-05T00:00:00",
"db": "BID",
"id": "77498"
},
{
"date": "2015-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"date": "2015-11-07T03:59:00.127000",
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"date": "2015-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84437"
},
{
"date": "2015-11-05T00:00:00",
"db": "BID",
"id": "77498"
},
{
"date": "2015-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"date": "2024-11-21T02:35:02.690000",
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Advantech EKI Vulnerability to gain access rights in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "77498"
}
],
"trust": 0.3
}
}
Vulnerability from fkie_nvd
Published
2015-11-07 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-1321_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F2BC-F142-416F-849C-2E373A06FCA3",
"versionEndIncluding": "1.96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:advantech:eki-1322_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9EAB7C-D317-4CDD-889B-AA421DF76694",
"versionEndIncluding": "1.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7B68EA-F9AD-4CC6-BAFA-B5129EEFE856",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1322:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A27AED1-8435-4E68-98B7-22E2ECE6174D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-1361_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F301098-8128-4926-90D6-0190964891D8",
"versionEndIncluding": "1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:advantech:eki-1362_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35F5689B-F1D2-400D-8DD5-C9DD5AAE72F4",
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1361:*:*:*:*:*:*:*:*",
"matchCriteriaId": "925AC192-E081-450A-BFB4-73CF9728E22C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1362:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21ED3DFA-0A24-412F-ABDC-8C23893DAB37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-122x_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8217E10B-54CA-4664-A721-9CBA23A23F2B",
"versionEndIncluding": "1.49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "519A0B53-DACF-46FD-B52C-8691B931F6DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1221d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCC7BB2-333E-4C90-A2DE-81C9017AFD3F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1222:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23B86996-68E7-4314-8F28-2B275AFD3576",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1222d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "205149C4-040E-4F2C-A0B8-B39EE42CB70B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F74E576-4E04-48B0-8031-5F80E59EBFCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."
},
{
"lang": "es",
"value": "Dispositivos Advantech EKI-122x-BE con firmware en versiones anteriores a 1.65, disposititvos EKI-132x con firmware en versiones anteriores a 1.98 y dispositivos EKI-136x con firmware en versiones anteriores a 1.27 tienen claves SSH embebidas, lo que hace m\u00e1s facil a atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n SSH."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/798.html\" target=\"_blank\"\u003eCWE-798: Use of Hard-coded Credentials\u003c/a\u003e",
"id": "CVE-2015-6476",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-07T03:59:00.127",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-13 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-1200_gateway_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55E38F73-2921-4B22-BC75-B3E39EEE900D",
"versionEndIncluding": "1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1221:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF68C24-50F1-4787-BE9C-239D3EECDC58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1221d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02F1327A-B789-4228-9C4B-BA268E51B2A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1222:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2552D510-CF16-4D89-905B-CBDFCA823EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1222d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C45EFA-F054-4195-AA46-1F367A46FC15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1224:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0257A7-0B2C-4006-B923-B5AD667B2883",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en las pasarelas Advantech EKI-1200 con firmware anterior a 1.63 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8385",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-13T02:59:07.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-8385 (GCVE-0-2014-8385)
Vulnerability from cvelistv5
Published
2015-02-13 02:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-13T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8385",
"datePublished": "2015-02-13T02:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:47.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6476 (GCVE-0-2015-6476)
Vulnerability from cvelistv5
Published
2015-11-07 02:00
Modified
2024-08-06 07:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-07T02:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6476",
"datePublished": "2015-11-07T02:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}