CVE-2015-7907 Information

Description

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication and write to a configuration file or trigger a calibration or test via unspecified vectors.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

HIGH

Base Score

LOW

Base Severity

8.6