CVE-2015-7900

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:::::::*
	cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:::::::*
	cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:::::::*

History

No history.

Information

Published : 2015-10-28 10:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-7900

Mitre link : CVE-2015-7900

CVE.ORG link : CVE-2015-7900

JSON object : View

Products Affected

infinite_automation_systems

mango_automation

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

4.3 /10