Vulnerabilites related to advantech - eki-1322
CVE-2015-7938 (GCVE-0-2015-7938)
Vulnerability from cvelistv5
Published
2016-01-09 02:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-09T02:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-7938",
"datePublished": "2016-01-09T02:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6476 (GCVE-0-2015-6476)
Vulnerability from cvelistv5
Published
2015-11-07 02:00
Modified
2024-08-06 07:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-07T02:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6476",
"datePublished": "2015-11-07T02:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201511-0046
Vulnerability from variot
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party SSH Access may be gained through a session. Advantech EKI-122x-BE, EKI-132x and EKI-136x are all serial device networking servers of Advantech, Inc., which provide various redundant configurations and multiple channels for remote monitoring of serial devices via Ethernet communication protocol. Access configuration. Security vulnerabilities exist in several Advantech products. Multiple Advantech EKI products are prone to a security-bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eki-1322 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-122x series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.49"
},
{
"model": "eki-1321 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-1361 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-1362 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-1221",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1221d",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1222",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1222d",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1224",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-122x series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.65"
},
{
"model": "eki-1321",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1321 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-1322",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1322 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-1361",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1361 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-1362",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1362 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-122x-be",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.65"
},
{
"model": "eki-132x",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-136x",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-1361 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-122x series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.49"
},
{
"model": "eki-1321 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-1362 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.17"
},
{
"model": "eki-1322 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "1.96"
},
{
"model": "eki-1360",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": "eki-1320",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": "eki-1220-be",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": "eki-1360",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "1.27"
},
{
"model": "eki-1320",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "1.98"
},
{
"model": "eki-1220-be",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "1.65"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1321 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1322 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1361 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1362 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 122x series",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:advantech:eki-1221",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1221d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1222",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1222d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1224",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-122x_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1321",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1321_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1322",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1322_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1361",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1361_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1362",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1362_series_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Neil Smith",
"sources": [
{
"db": "BID",
"id": "77498"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6476",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6476",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07475",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-84437",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6476",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6476",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07475",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-113",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84437",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party SSH Access may be gained through a session. Advantech EKI-122x-BE, EKI-132x and EKI-136x are all serial device networking servers of Advantech, Inc., which provide various redundant configurations and multiple channels for remote monitoring of serial devices via Ethernet communication protocol. Access configuration. Security vulnerabilities exist in several Advantech products. Multiple Advantech EKI products are prone to a security-bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6476"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84437"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6476",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-309-01",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07475",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812",
"trust": 0.8
},
{
"db": "BID",
"id": "77498",
"trust": 0.4
},
{
"db": "IVD",
"id": "7C6174C4-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89764",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84437",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"id": "VAR-201511-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
}
]
},
"last_update_date": "2024-11-23T22:56:23.681000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EKI-136*",
"trust": 0.8,
"url": "http://support.advantech.com.tw/Support/SearchResult.aspx?keyword=EKI-136*\u0026searchtabs=Firmware"
},
{
"title": "EKI-132*",
"trust": 0.8,
"url": "http://support.advantech.com.tw/Support/SearchResult.aspx?keyword=EKI-132*\u0026searchtabs=Firmware"
},
{
"title": "EKI-122*",
"trust": 0.8,
"url": "http://support.advantech.com.tw/Support/SearchResult.aspx?keyword=EKI-122*\u0026searchtabs=Firmware"
},
{
"title": "Patches for several Advantech product SSH key vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66571"
},
{
"title": "Multiple Advantech Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58608"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-309-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6476"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6476"
},
{
"trust": 0.3,
"url": "http://www.advantech.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"db": "VULHUB",
"id": "VHN-84437"
},
{
"db": "BID",
"id": "77498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "IVD",
"id": "7c6174c4-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"date": "2015-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84437"
},
{
"date": "2015-11-05T00:00:00",
"db": "BID",
"id": "77498"
},
{
"date": "2015-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"date": "2015-11-07T03:59:00.127000",
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07475"
},
{
"date": "2015-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84437"
},
{
"date": "2015-11-05T00:00:00",
"db": "BID",
"id": "77498"
},
{
"date": "2015-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005812"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-113"
},
{
"date": "2024-11-21T02:35:02.690000",
"db": "NVD",
"id": "CVE-2015-6476"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-113"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Advantech EKI Vulnerability to gain access rights in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005812"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "77498"
}
],
"trust": 0.3
}
}
var-201601-0060
Vulnerability from variot
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. Advantech EKI-132x The device firmware contains a vulnerability that prevents authentication.Authentication may be bypassed by a third party. The Advantech EKI-132x is a serial device networking server from Advantech, Inc., which provides a variety of redundant configurations and multiple access configurations for remote monitoring of serial devices over Ethernet communication protocols. Advantech EKI products are prone to a security-bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eki-1322 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "2015-10-06"
},
{
"model": "eki-1321 series",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "2015-10-06"
},
{
"model": "eki-1321",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1321 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "2015-12-31"
},
{
"model": "eki-1322",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "eki-1322 series",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "2015-12-31"
},
{
"model": "eki-132x devices with",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "2015-12-31"
},
{
"model": "eki-1322 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "2015-10-06"
},
{
"model": "eki-1321 series",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "2015-10-06"
},
{
"model": "eki-1320",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": "eki-1320",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "2015-12-31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1321 series",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eki 1322 series",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "BID",
"id": "80375"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
},
{
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:advantech:eki-1321",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1321_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:advantech:eki-1322",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:advantech:eki-1322_series_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HD Moore",
"sources": [
{
"db": "BID",
"id": "80375"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7938",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "661b6b70-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-85899",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7938",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7938",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-7938",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-00208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-165",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-85899",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "VULHUB",
"id": "VHN-85899"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
},
{
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. Advantech EKI-132x The device firmware contains a vulnerability that prevents authentication.Authentication may be bypassed by a third party. The Advantech EKI-132x is a serial device networking server from Advantech, Inc., which provides a variety of redundant configurations and multiple access configurations for remote monitoring of serial devices over Ethernet communication protocols. Advantech EKI products are prone to a security-bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7938"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "BID",
"id": "80375"
},
{
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-85899"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7938",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-344-01",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201601-165",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-00208",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784",
"trust": 0.8
},
{
"db": "BID",
"id": "80375",
"trust": 0.4
},
{
"db": "IVD",
"id": "661B6B70-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-85899",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "VULHUB",
"id": "VHN-85899"
},
{
"db": "BID",
"id": "80375"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
},
{
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"id": "VAR-201601-0060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "VULHUB",
"id": "VHN-85899"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00208"
}
]
},
"last_update_date": "2024-11-23T19:38:23.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EKI-1321",
"trust": 0.8,
"url": "http://www.advantech.co.jp/products/gf-5tqv/eki-1321/mod_9143df48-02da-47e9-b6de-4ab9660a6724"
},
{
"title": "EKI-1322",
"trust": 0.8,
"url": "http://www.advantech.co.jp/products/gf-5tqv/eki-1322/mod_c763aa63-c9d1-4dc6-85f6-3224786fb30a"
},
{
"title": "Advantech EKI-132x device verifies patches that bypass the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/69894"
},
{
"title": "Advantech EKI-132x Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59519"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85899"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7938"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7938"
},
{
"trust": 0.3,
"url": "http://www.advantech.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "VULHUB",
"id": "VHN-85899"
},
{
"db": "BID",
"id": "80375"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
},
{
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"db": "VULHUB",
"id": "VHN-85899"
},
{
"db": "BID",
"id": "80375"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
},
{
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-14T00:00:00",
"db": "IVD",
"id": "661b6b70-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"date": "2016-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-85899"
},
{
"date": "2016-01-08T00:00:00",
"db": "BID",
"id": "80375"
},
{
"date": "2016-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"date": "2016-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-165"
},
{
"date": "2016-01-09T02:59:11.877000",
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00208"
},
{
"date": "2016-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-85899"
},
{
"date": "2016-01-08T00:00:00",
"db": "BID",
"id": "80375"
},
{
"date": "2016-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006784"
},
{
"date": "2016-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-165"
},
{
"date": "2024-11-21T02:37:41.983000",
"db": "NVD",
"id": "CVE-2015-7938"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech EKI-132x Vulnerabilities that bypass authentication in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006784"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-165"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2015-11-07 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-1321_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F2BC-F142-416F-849C-2E373A06FCA3",
"versionEndIncluding": "1.96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:advantech:eki-1322_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9EAB7C-D317-4CDD-889B-AA421DF76694",
"versionEndIncluding": "1.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7B68EA-F9AD-4CC6-BAFA-B5129EEFE856",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1322:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A27AED1-8435-4E68-98B7-22E2ECE6174D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-1361_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F301098-8128-4926-90D6-0190964891D8",
"versionEndIncluding": "1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:advantech:eki-1362_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35F5689B-F1D2-400D-8DD5-C9DD5AAE72F4",
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1361:*:*:*:*:*:*:*:*",
"matchCriteriaId": "925AC192-E081-450A-BFB4-73CF9728E22C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1362:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21ED3DFA-0A24-412F-ABDC-8C23893DAB37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-122x_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8217E10B-54CA-4664-A721-9CBA23A23F2B",
"versionEndIncluding": "1.49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "519A0B53-DACF-46FD-B52C-8691B931F6DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1221d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCC7BB2-333E-4C90-A2DE-81C9017AFD3F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1222:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23B86996-68E7-4314-8F28-2B275AFD3576",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1222d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "205149C4-040E-4F2C-A0B8-B39EE42CB70B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F74E576-4E04-48B0-8031-5F80E59EBFCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."
},
{
"lang": "es",
"value": "Dispositivos Advantech EKI-122x-BE con firmware en versiones anteriores a 1.65, disposititvos EKI-132x con firmware en versiones anteriores a 1.98 y dispositivos EKI-136x con firmware en versiones anteriores a 1.27 tienen claves SSH embebidas, lo que hace m\u00e1s facil a atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n SSH."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/798.html\" target=\"_blank\"\u003eCWE-798: Use of Hard-coded Credentials\u003c/a\u003e",
"id": "CVE-2015-6476",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-07T03:59:00.127",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-09 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-1321_series_firmware | * | |
| advantech | eki-1322_series_firmware | * | |
| advantech | eki-1321 | - | |
| advantech | eki-1322 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-1321_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C98583FB-60B8-4763-B13E-42A69B976A5F",
"versionEndIncluding": "2015-10-06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:advantech:eki-1322_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AB470F-CEF1-49AB-BF85-2AECF2ADE2A9",
"versionEndIncluding": "2015-10-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-1321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7B68EA-F9AD-4CC6-BAFA-B5129EEFE856",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:advantech:eki-1322:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A27AED1-8435-4E68-98B7-22E2ECE6174D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors."
},
{
"lang": "es",
"value": "Dispositivos EKI-132x con firmware en versiones anteriores a 2015-12-31 permiten a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7938",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-09T02:59:11.877",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}