History: Jun 05, 2015 - 10:59 a.m.

CVE-2015-3950

2015-06-05 10:59:06
CWE-352
icscert
web.nvd.nist.gov
27
cve-2015-3950
xzeres
csrf
vulnerability
442sr wind turbines
authentication hijacking
admin user
get request
nvd

CVSS2: 6.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 7.3
Confidence: Low

EPSS: 0.001
Percentile: 40.5%

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.

Affected configurations

Nvd
Node
xzeres 442sr_os Match -
AND
xzeres 442sr Match -

Vendor   Product    Version   CPE
xzeres   442sr_os   -         cpe:2.3:o:xzeres:442sr_os:-:*:*:*:*:*:*:*
xzeres   442sr      -         cpe:2.3:h:xzeres:442sr:-:*:*:*:*:*:*:*
