CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7907
https://notcve.org/view.php?id=CVE-2015-7907
21 Dec 2015 — Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. Vulnerabilidad de salto de directorio en el servidor web en los detectores de gas de Honeywell Midas en versiones anteriores a 1.13b3 y en detectores de gas de Midas Black en versiones anteriores a 2.13b3 permite a atacantes r... • https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7908
https://notcve.org/view.php?id=CVE-2015-7908
21 Dec 2015 — Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. Detectores de gas Honeywell Midas en versiones anteriores a 1.13b3 y detectores de gas Midas Black en versiones anteriores a 2.13b3 permiten a atacantes remotos descubrir contraseñas en texto plano rastreando la red. • https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •