exploitDog

CVE-2015-3962

Опубликовано: 18 сент. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network.

Ссылки

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01
Broken Link
Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01
Third Party Advisory
US Government Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01
Broken Link
Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:struxureware_building_expert_multi-purpose_management:*:*:*:*:*:*:*:*

Версия до 2.15 (исключая)

EPSS

Процентиль: 50%

0.00264

Низкий

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-8h44-39jg-7c5x

github

больше 3 лет назад

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network.

EPSS

Процентиль: 50%

0.00264

Низкий

5 Medium

CVSS2

Дефекты

CWE-522