CVE-2015-3972

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

T

he web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03	Patch Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:janitza:umg_508:-:::::::*
	cpe:2.3:h:janitza:umg_509:-:::::::*
	cpe:2.3:h:janitza:umg_511:-:::::::*
	cpe:2.3:h:janitza:umg_604:-:::::::*
	cpe:2.3:h:janitza:umg_605:-:::::::*

History

21 Nov 2024, 02:30

Type	Values Removed	Values Added
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03 - Patch, Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03 - Patch, Third Party Advisory, US Government Resource

Information

Published : 2015-10-28 10:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-3972

Mitre link : CVE-2015-3972

CVE.ORG link : CVE-2015-3972

JSON object : View

Products Affected

CWE

CWE-254

7PK - Security Features

{"id": "CVE-2015-3972", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-10-28T10:59:06.557", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack."}, {"lang": "es", "value": "La interfaz web en dipositivos Janitza UMG 508, 509, 511, 604 y 605 soporta s\u00f3lo valores de PIN cortos para la autenticaci\u00f3n, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:janitza:umg_508:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AAC1AC1-5748-4993-9159-0612414E3CA2"}, {"criteria": "cpe:2.3:h:janitza:umg_509:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6574840-AA64-4E4D-86D1-968EEEE0281C"}, {"criteria": "cpe:2.3:h:janitza:umg_511:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFC7F511-A110-4306-9594-A2CDD1304323"}, {"criteria": "cpe:2.3:h:janitza:umg_604:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C0FF49-A0BF-4141-A5D8-A139AEA86FE0"}, {"criteria": "cpe:2.3:h:janitza:umg_605:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D21FD36-E671-4766-969B-5C8E351A4493"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}