fkie_cve-2016-2311
Vulnerability from fkie_nvd
Published
2016-05-30 01:59
Modified
2025-04-12 10:46
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.
References
ics-cert@hq.dhs.govhttps://ics-cert.us-cert.gov/advisories/ICSA-16-147-03Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
blackbox alertwerks_servsensor_junior_eme102a-r2 -
blackbox alertwerks_servsensor_junior_eme103a-r2 -
blackbox alertwerks_servsensor_junior_eme104a-r2 -
blackbox alertwerks_servsensor_junior_firmware -
blackbox alertwerks_servsensor_contact_eme111a-20-r2 -
blackbox alertwerks_servsensor_contact_eme111a-60-r2 -
blackbox alertwerks_servsensor_contact_eme112a-20-r2 -
blackbox alertwerks_servsensor_contact_eme112a-60-r2 -
blackbox alertwerks_servsensor_contact_eme113a-20-r2 -
blackbox alertwerks_servsensor_contact_eme113a-60-r2 -
blackbox alertwerks_servsensor_contact_firmware -
blackbox _alertwerks_servsensor_eme106a -
blackbox _alertwerks_servsensor_eme108a-r2 -
blackbox _alertwerks_servsensor_eme109a-r2 -
blackbox _alertwerks_servsensor_eme110a-r2 -
blackbox alertwerks_servsensor_eme105a -
blackbox alertwerks_servsensor_firmware -
blackbox alertwerks_servsensor_junior_eme152a -
blackbox alertwerks_servsensor_junior_eme153a -
blackbox alertwerks_servsensor_junior_eme154a -
blackbox alertwerks_servsensor_junior_eme155a -
blackbox alertwerks_servsensor_junior_eme158a -
blackbox alertwerks_servsensor_junior_firmware -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme102a-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5442D3D-3A7A-4E4D-8F1A-89799F692336",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme103a-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7155A60A-BFD8-4A3B-99EC-1436D414062C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme104a-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A2F50F-0881-4303-B3EC-C8CC3218B49B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blackbox:alertwerks_servsensor_junior_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FDAF0E2-AEE2-4BC8-B109-50FAA1D432AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_contact_eme111a-20-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4B819B-3D80-45C7-8D86-E56A67F096F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_contact_eme111a-60-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6FE837-3A62-4CFD-B509-6E9D90377391",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_contact_eme112a-20-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3F5137-9EBA-477F-AE8A-B5BA98BB1B33",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_contact_eme112a-60-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9A12E1-283D-43DE-AADD-EF46BD555826",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_contact_eme113a-20-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1735CF06-3DBA-4DB5-90CB-62F482B71313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_contact_eme113a-60-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E7A6D5B-57E0-4AB7-8F0D-E95E766F8589",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blackbox:alertwerks_servsensor_contact_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E40C7-5BD9-4FC8-B384-376606556318",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blackbox:_alertwerks_servsensor_eme106a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "407C97F8-7E50-4866-9750-779DB29426DC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:_alertwerks_servsensor_eme108a-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0EB3D6-0676-4863-A118-BA6813B05DB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:_alertwerks_servsensor_eme109a-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DDA55C-62C7-4119-9D0B-5C63E164CEA2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:_alertwerks_servsensor_eme110a-r2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8386970B-907D-49B2-A195-26C151D82BB8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_eme105a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6708EBD9-2A87-4BD3-A32A-AF6E71D22AD9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blackbox:alertwerks_servsensor_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7921B9C-C62F-4A7E-9834-3D10A62B4002",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme152a:-:*:*:*:poe:*:*:*",
              "matchCriteriaId": "79AA004C-8F9F-4B72-8CB5-143CC15B254E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme153a:-:*:*:*:poe:*:*:*",
              "matchCriteriaId": "E6033DA2-0013-4306-BE2B-CF1ECE67E72F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme154a:-:*:*:*:poe:*:*:*",
              "matchCriteriaId": "CF2BE5E9-40AE-4E0D-ACDD-509ED15FE487",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme155a:-:*:*:*:poe:*:*:*",
              "matchCriteriaId": "D7296F14-0552-4D2D-A390-AD852FAC2A15",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:blackbox:alertwerks_servsensor_junior_eme158a:-:*:*:*:poe:*:*:*",
              "matchCriteriaId": "4C1C7C99-246C-4544-8559-21E608ED34C9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blackbox:alertwerks_servsensor_junior_firmware:-:*:*:*:poe:*:*:*",
              "matchCriteriaId": "F3B50A05-C0FA-4A18-A4FF-7FB7165852E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Black Box AlertWerks ServSensor con firmware en versiones anteriores a SP473, AlertWerks ServSensor Junior con firmware en versiones anteriores a SP473, AlertWerks ServSensor Junior con PoE con firmware en versiones anteriores a SP473 y AlertWerks ServSensor Contact con firmware en versiones anteriores a SP473 permite a usuarios remotos autenticados descubrir contrase\u00f1as de administradores y usuarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-2311",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-30T01:59:06.003",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.