CVE-2015-6476 - OpenCVE

Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Advantech	Eki-1221 Eki-1221d Eki-1222 Eki-1222d Eki-1224 Eki-122x Series Firmware Eki-1321 Eki-1321 Series Firmware Eki-1322 Eki-1322 Series Firmware Eki-1361 Eki-1361 Series Firmware Eki-1362 Eki-1362 Series Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:advantech:eki-1321_series_firmware::::::::
	cpe:2.3:o:advantech:eki-1322_series_firmware::::::::

OR	cpe:2.3:h:advantech:eki-1321:-:::::::*
	cpe:2.3:h:advantech:eki-1322:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:advantech:eki-1361_series_firmware::::::::
	cpe:2.3:o:advantech:eki-1362_series_firmware::::::::

OR	cpe:2.3:h:advantech:eki-1361::::::::
	cpe:2.3:h:advantech:eki-1362::::::::

Configuration 3 [-]

AND

cpe:2.3:o:advantech:eki-122x_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:advantech:eki-1221:-:::::::*
	cpe:2.3:h:advantech:eki-1221d:-:::::::*
	cpe:2.3:h:advantech:eki-1222:-:::::::*
	cpe:2.3:h:advantech:eki-1222d:-:::::::*
	cpe:2.3:h:advantech:eki-1224:-:::::::*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2015-11-07T02:00:00

Updated: 2024-08-06T07:22:21.684Z

Reserved: 2015-08-17T00:00:00

Link: CVE-2015-6476

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-11-07T03:59:00.127

Modified: 2015-11-09T19:18:42.073

Link: CVE-2015-6476

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-11-07T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2015-6476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:22:21.684Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2015-6476", "datePublished": "2015-11-07T02:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.684Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:advantech:eki-1321_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1890F2BC-F142-416F-849C-2E373A06FCA3", "versionEndIncluding": "1.96", "vulnerable": true}, {"criteria": "cpe:2.3:o:advantech:eki-1322_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE9EAB7C-D317-4CDD-889B-AA421DF76694", "versionEndIncluding": "1.96", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:advantech:eki-1321:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D7B68EA-F9AD-4CC6-BAFA-B5129EEFE856", "vulnerable": false}, {"criteria": "cpe:2.3:h:advantech:eki-1322:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A27AED1-8435-4E68-98B7-22E2ECE6174D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:advantech:eki-1361_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F301098-8128-4926-90D6-0190964891D8", "versionEndIncluding": "1.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:advantech:eki-1362_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35F5689B-F1D2-400D-8DD5-C9DD5AAE72F4", "versionEndIncluding": "1.17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:advantech:eki-1361:*:*:*:*:*:*:*:*", "matchCriteriaId": "925AC192-E081-450A-BFB4-73CF9728E22C", "vulnerable": false}, {"criteria": "cpe:2.3:h:advantech:eki-1362:*:*:*:*:*:*:*:*", "matchCriteriaId": "21ED3DFA-0A24-412F-ABDC-8C23893DAB37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:advantech:eki-122x_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8217E10B-54CA-4664-A721-9CBA23A23F2B", "versionEndIncluding": "1.49", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:advantech:eki-1221:-:*:*:*:*:*:*:*", "matchCriteriaId": "519A0B53-DACF-46FD-B52C-8691B931F6DA", "vulnerable": false}, {"criteria": "cpe:2.3:h:advantech:eki-1221d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BCC7BB2-333E-4C90-A2DE-81C9017AFD3F", "vulnerable": false}, {"criteria": "cpe:2.3:h:advantech:eki-1222:-:*:*:*:*:*:*:*", "matchCriteriaId": "23B86996-68E7-4314-8F28-2B275AFD3576", "vulnerable": false}, {"criteria": "cpe:2.3:h:advantech:eki-1222d:-:*:*:*:*:*:*:*", "matchCriteriaId": "205149C4-040E-4F2C-A0B8-B39EE42CB70B", "vulnerable": false}, {"criteria": "cpe:2.3:h:advantech:eki-1224:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F74E576-4E04-48B0-8031-5F80E59EBFCE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session."}, {"lang": "es", "value": "Dispositivos Advantech EKI-122x-BE con firmware en versiones anteriores a 1.65, disposititvos EKI-132x con firmware en versiones anteriores a 1.98 y dispositivos EKI-136x con firmware en versiones anteriores a 1.27 tienen claves SSH embebidas, lo que hace m\u00e1s facil a atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n SSH."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/798.html\" target=\"_blank\">CWE-798: Use of Hard-coded Credentials</a>", "id": "CVE-2015-6476", "lastModified": "2015-11-09T19:18:42.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-07T03:59:00.127", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}