CVE-2015-3972
Published Oct 28, 2015
Last updated 9 years ago
Overview
- Description
- The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-254
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:janitza:umg_508:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AAC1AC1-5748-4993-9159-0612414E3CA2"
},
{
"criteria": "cpe:2.3:h:janitza:umg_509:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6574840-AA64-4E4D-86D1-968EEEE0281C"
},
{
"criteria": "cpe:2.3:h:janitza:umg_511:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFC7F511-A110-4306-9594-A2CDD1304323"
},
{
"criteria": "cpe:2.3:h:janitza:umg_604:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07C0FF49-A0BF-4141-A5D8-A139AEA86FE0"
},
{
"criteria": "cpe:2.3:h:janitza:umg_605:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D21FD36-E671-4766-969B-5C8E351A4493"
}
],
"operator": "OR"
}
]
}
]