CVE-2015-6485

Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:telvent_rtu_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030m:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_landac_ii-2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:schneider-electric:sage_2300:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:telvent_rtu_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-03-12 02:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-6485

Mitre link : CVE-2015-6485

CVE.ORG link : CVE-2015-6485


JSON object : View

Products Affected

schneider-electric

  • telvent_rtu_firmware
  • sage_3030m
  • sage_1450
  • sage_1430
  • sage_landac_ii-2
  • sage_2400
  • sage_1410
  • sage_2300
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor