CVE-2015-7911 : Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session.

Published 2015-12-23 03:59:03

Updated 2015-12-23 21:04:07

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2015-7911

Saia Burgess Controls » Pcd7.d4xxv Vga Mb Firmware
Versions up to, including, (<=) 1.24.41
cpe:2.3:o:saia_burgess_controls:pcd7.d4xxv_vga_mb_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd7.d4xxv Vga Mb » Version: N/A
Saia Burgess Controls » Pcd7.d4xxd Firmware
Versions up to, including, (<=) 1.24.41
cpe:2.3:o:saia_burgess_controls:pcd7.d4xxd_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd7.d4xxd » Version: N/A
Saia Burgess Controls » Pcd3.mxxx0 Firmware
Versions up to, including, (<=) 1.24.25
cpe:2.3:o:saia_burgess_controls:pcd3.mxxx0_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd3.mxxx0 » Version: N/A
Saia Burgess Controls » Pcd7.d4xxd Svga Mb Firmware
Versions up to, including, (<=) 1.24.41
cpe:2.3:o:saia_burgess_controls:pcd7.d4xxd_svga_mb_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd7.d4xxd Svga Mb » Version: N/A
Saia Burgess Controls » Pcd3.t666 Firmware
Versions up to, including, (<=) 1.24.30
cpe:2.3:o:saia_burgess_controls:pcd3.t666_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd3.t666 » Version: N/A
Saia Burgess Controls » Pcd1.m2xx0 Firmware
Versions up to, including, (<=) 1.24.25
cpe:2.3:o:saia_burgess_controls:pcd1.m2xx0_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd1.m2xx0 » Version: N/A
Saia Burgess Controls » Pcd3.mxx60 Firmware
Versions up to, including, (<=) 1.24.25
cpe:2.3:o:saia_burgess_controls:pcd3.mxx60_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd3.mxx60 » Version: N/A
Saia Burgess Controls » Pcd3.t665 Firmware
Versions up to, including, (<=) 1.24.30
cpe:2.3:o:saia_burgess_controls:pcd3.t665_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd3.t665
Saia Burgess Controls » Pcd2.m5xx0 Firmware
Versions up to, including, (<=) 1.24.25
cpe:2.3:o:saia_burgess_controls:pcd2.m5xx0_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd2.m5xx0 » Version: N/A
Saia Burgess Controls » Pcd7.d4xxwtpf Wvga Mb Firmware » Version: 1.24.41
cpe:2.3:o:saia_burgess_controls:pcd7.d4xxwtpf_wvga_mb_firmware:1.24.41:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd7.d4xxwtpf Wvga Mb » Version: N/A
Saia Burgess Controls » Pcd7.d4xxwtpf Firmware
Versions up to, including, (<=) 1.24.41
cpe:2.3:o:saia_burgess_controls:pcd7.d4xxwtpf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd7.d4xxwtpf » Version: N/A
Saia Burgess Controls » Pcd1.m0xx0 Firmware
Versions up to, including, (<=) 1.24.25
cpe:2.3:o:saia_burgess_controls:pcd1.m0xx0_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd1.m0xx0 » Version: N/A
Saia Burgess Controls » Pcd7.d4xxxt5f Firmware
Versions up to, including, (<=) 1.24.41
cpe:2.3:o:saia_burgess_controls:pcd7.d4xxxt5f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd7.d4xxxt5f » Version: N/A
Saia Burgess Controls » Pcd7.d4xxv Firmware
Versions up to, including, (<=) 1.24.41
cpe:2.3:o:saia_burgess_controls:pcd7.d4xxv_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Saia Burgess Controls » Pcd7.d4xxv » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2015-7911

EPSS FAQ

0.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 69 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-7911

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.1	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2015-7911

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-7911

https://ics-cert.us-cert.gov/advisories/ICSA-15-335-01

Saia Burgess Controls PCD Controller Hard-coded Password Vulnerability | CISA
Patch;Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2015-7911

Products affected by CVE-2015-7911

Exploit prediction scoring system (EPSS) score for CVE-2015-7911

CVSS scores for CVE-2015-7911

CWE ids for CVE-2015-7911

References for CVE-2015-7911