Detections
Analytics

Honeywell Midas Gas Detectors Authentication Bypass

high Nessus Network Monitor Plugin ID 720073

Synopsis

A directory traversal vulnerability in the web server on Honeywell Midas and Midas Black gas detectors allows a remote attacker to write configuration files or trigger a calibration.

Description

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02

Plugin Details

Severity: High

ID: 720073

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 12/3/2015

Vulnerability Publication Date: 12/3/2015

Reference Information

CVE: CVE-2015-7907