nvd-json-data-feeds/CVE-2015/CVE-2015-39xx/CVE-2015-3939.json

{
  "id": "CVE-2015-3939",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2015-05-31T17:59:07.077",
  "lastModified": "2016-12-06T03:01:26.007",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en los m\u00f3dulos NC854 y NC856 para los dispositivos IDS RTU 850C permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados que involucran un servidor web interno, tal y como fue demostrado mediante la lectura de un fichero de las credenciales de TELNET."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ids:nc854:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0CBDFE1-4BE6-4FAE-9A62-831ABFBAD031"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ids:nc856:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35180322-3531-45AA-B04C-F866993FA871"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:ids:ids_rtu_850c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "950C4B9E-2906-4265-A6AD-8515B79810E2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/74900",
      "source": "ics-cert@hq.dhs.gov"
    },
    {
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2015-3939",`
			`"sourceIdentifier": "ics-cert@hq.dhs.gov",`
			`"published": "2015-05-31T17:59:07.077",`
			`"lastModified": "2016-12-06T03:01:26.007",`
			`"vulnStatus": "Modified",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Vulnerabilidad de salto de directorio en los m\u00f3dulos NC854 y NC856 para los dispositivos IDS RTU 850C permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados que involucran un servidor web interno, tal y como fue demostrado mediante la lectura de un fichero de las credenciales de TELNET."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "SINGLE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.8`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 8.0,`
			`"impactScore": 6.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-22"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:ids:nc854:-:::::::*",`
			`"matchCriteriaId": "F0CBDFE1-4BE6-4FAE-9A62-831ABFBAD031"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:ids:nc856:-:::::::*",`
			`"matchCriteriaId": "35180322-3531-45AA-B04C-F866993FA871"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:ids:ids_rtu_850c::::::::",`
			`"matchCriteriaId": "950C4B9E-2906-4265-A6AD-8515B79810E2"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://www.securityfocus.com/bid/74900",`
			`"source": "ics-cert@hq.dhs.gov"`
			`},`
			`{`
			`"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01",`
			`"source": "ics-cert@hq.dhs.gov",`
			`"tags": [`
			`"Third Party Advisory",`
			`"US Government Resource"`
			`]`
			`}`
			`]`
			`}`