CVE-2015-6476 : Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with f

Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.

Published 2015-11-07 03:59:00

Updated 2025-04-12 10:46:41

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2015-6476

Advantech » Eki-1322 Series Firmware
Versions up to, including, (<=) 1.96
cpe:2.3:o:advantech:eki-1322_series_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Advantech » Eki-1321 » Version: N/A
When used together with: Advantech » Eki-1322 » Version: N/A
Advantech » Eki-1321 Series Firmware
Versions up to, including, (<=) 1.96
cpe:2.3:o:advantech:eki-1321_series_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Advantech » Eki-1321 » Version: N/A
When used together with: Advantech » Eki-1322 » Version: N/A
Advantech » Eki-1361 Series Firmware
Versions up to, including, (<=) 1.17
cpe:2.3:o:advantech:eki-1361_series_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Advantech » Eki-1361
When used together with: Advantech » Eki-1362
Advantech » Eki-1362 Series Firmware
Versions up to, including, (<=) 1.17
cpe:2.3:o:advantech:eki-1362_series_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Advantech » Eki-1361
When used together with: Advantech » Eki-1362
Advantech » Eki-122x Series Firmware
Versions up to, including, (<=) 1.49
cpe:2.3:o:advantech:eki-122x_series_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Advantech » Eki-1221 » Version: N/A
When used together with: Advantech » Eki-1221d » Version: N/A
When used together with: Advantech » Eki-1222 » Version: N/A
When used together with: Advantech » Eki-1222d » Version: N/A
When used together with: Advantech » Eki-1224 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2015-6476

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-6476

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2015-6476

https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01

Advantech EKI Hard-coded SSH Keys Vulnerability | CISA
Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2015-6476

Products affected by CVE-2015-6476

Exploit prediction scoring system (EPSS) score for CVE-2015-6476

CVSS scores for CVE-2015-6476

References for CVE-2015-6476