CVE-2015-3974

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
easyioeasyio-30p-sf_firmware
𝑥
≤ 0.5.20
easyioeasyio-30p-sf_firmware
𝑥
≤ 2.0.5.20
easyioeasyio-30p-sf
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ics-cert.us-cert.gov/advisories/ICSA-15-237-02
https://ics-cert.us-cert.gov/advisories/ICSA-15-237-02