CVE-2015-7908 HIGH

Published: 2015-12-21 | Last Modified: 2026-06-17 | Status: Modified

Description

Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.

Additional Descriptions (1)

Detectores de gas Honeywell Midas en versiones anteriores a 1.13b3 y detectores de gas Midas Black en versiones anteriores a 2.13b3 permiten a atacantes remotos descubrir contraseñas en texto plano rastreando la red.

CVSS Metrics

Base Score: 9.3 (HIGH)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector	NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	COMPLETE
Integrity Impact	COMPLETE
Availability Impact	COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 10.0

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-200

Affected Products

Vendor	Product	Version	Update	Type
honeywell	midas_firmware	*	<built-in method update of dict object at 0x7c3c476bdf40>	Operating System
honeywell	midas_black_firmware	*	<built-in method update of dict object at 0x7c3c40dd4f40>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:midas_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:midas:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:midas_black_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:midas_black:-:::::::*`

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02
Source: [email protected]

Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource