Search

Find a vulnerability

Search criteria

    5 vulnerabilities by Exemys

    VAR-201511-0017

    Vulnerability from variot - Updated: 2025-04-12 23:29

    Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Exemys Telemetry Web Server is a web-based SCADA system from Exemys, Argentina. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0017",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "telemetry web server",
            "scope": null,
            "trust": 2.0,
            "vendor": "exemys",
            "version": null
          },
          {
            "model": "telemetry web server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "exemys",
            "version": "*"
          },
          {
            "model": "srl telemetry web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "exemys",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telemetry web server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "db": "BID",
            "id": "77630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:exemys:telemetry_web_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maxim Rupp",
        "sources": [
          {
            "db": "BID",
            "id": "77630"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7910",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7910",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-07683",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7910",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7910",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-07683",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201511-285",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Exemys Telemetry Web Server is a web-based SCADA system from Exemys, Argentina. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7910"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "db": "BID",
            "id": "77630"
          },
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7910",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-321-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "77630",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "6D5E2D1E-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "db": "BID",
            "id": "77630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "id": "VAR-201511-0017",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          }
        ],
        "trust": 1.425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:29:30.616000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.exemys.com/beta/english/index.shtml"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-321-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7910"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7910"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/77630"
          },
          {
            "trust": 0.3,
            "url": "http://exemys.com.ar/beta/english/products/telemetry_web_server/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "db": "BID",
            "id": "77630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "db": "BID",
            "id": "77630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-20T00:00:00",
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "date": "2015-11-17T00:00:00",
            "db": "BID",
            "id": "77630"
          },
          {
            "date": "2015-11-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "date": "2015-11-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          },
          {
            "date": "2015-11-19T11:59:01.657000",
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          },
          {
            "date": "2015-11-17T00:00:00",
            "db": "BID",
            "id": "77630"
          },
          {
            "date": "2015-11-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005977"
          },
          {
            "date": "2015-11-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-7910"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Exemys Telemetry Web Server Authentication Bypass Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "6d5e2d1e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07683"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-285"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-2197 (GCVE-0-2022-2197)

    Vulnerability from nvd – Published: 2022-06-30 18:42 – Updated: 2025-04-16 16:15
    VLAI
    Title
    Exemys RME1
    Summary
    By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Exemys RME1-AI firmware Affected: All versions , ≤ 2.1.6 (custom)
    Create a notification for this product.
    Date Public
    2022-06-30 00:00
    Credits
    Maxim Rupp reported this vulnerability to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:08.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2197",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:07.252420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:15:38.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RME1-AI firmware",
              "vendor": "Exemys",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.6",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Maxim Rupp reported this vulnerability to CISA"
            }
          ],
          "datePublic": "2022-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "By using a specific credential string, an attacker with network access to the device\u2019s web interface could circumvent the authentication scheme and perform administrative operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T18:42:40.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Exemys no longer sells or maintains RME1 and considers it to be an end-of-life product. Exemys recommends updating to a new supported product in RME2.\n\nFor more information on upgrading, contact Exemys support."
            }
          ],
          "source": {
            "advisory": "ICSA-22-181-01",
            "discovery": "EXTERNAL"
          },
          "title": "Exemys RME1",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-06-30T17:01:00.000Z",
              "ID": "CVE-2022-2197",
              "STATE": "PUBLIC",
              "TITLE": "Exemys RME1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RME1-AI firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "All versions",
                                "version_value": "2.1.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Exemys"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Maxim Rupp reported this vulnerability to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "By using a specific credential string, an attacker with network access to the device\u2019s web interface could circumvent the authentication scheme and perform administrative operations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Exemys no longer sells or maintains RME1 and considers it to be an end-of-life product. Exemys recommends updating to a new supported product in RME2.\n\nFor more information on upgrading, contact Exemys support."
              }
            ],
            "source": {
              "advisory": "ICSA-22-181-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-2197",
        "datePublished": "2022-06-30T18:42:40.979Z",
        "dateReserved": "2022-06-24T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:15:38.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7910 (GCVE-0-2015-7910)

    Vulnerability from nvd – Published: 2015-11-19 11:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.379Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-11-19T11:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-7910",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-7910",
        "datePublished": "2015-11-19T11:00:00.000Z",
        "dateReserved": "2015-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:31.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2197 (GCVE-0-2022-2197)

    Vulnerability from cvelistv5 – Published: 2022-06-30 18:42 – Updated: 2025-04-16 16:15
    VLAI
    Title
    Exemys RME1
    Summary
    By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Exemys RME1-AI firmware Affected: All versions , ≤ 2.1.6 (custom)
    Create a notification for this product.
    Date Public
    2022-06-30 00:00
    Credits
    Maxim Rupp reported this vulnerability to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:08.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2197",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:07.252420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:15:38.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RME1-AI firmware",
              "vendor": "Exemys",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.6",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Maxim Rupp reported this vulnerability to CISA"
            }
          ],
          "datePublic": "2022-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "By using a specific credential string, an attacker with network access to the device\u2019s web interface could circumvent the authentication scheme and perform administrative operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T18:42:40.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Exemys no longer sells or maintains RME1 and considers it to be an end-of-life product. Exemys recommends updating to a new supported product in RME2.\n\nFor more information on upgrading, contact Exemys support."
            }
          ],
          "source": {
            "advisory": "ICSA-22-181-01",
            "discovery": "EXTERNAL"
          },
          "title": "Exemys RME1",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-06-30T17:01:00.000Z",
              "ID": "CVE-2022-2197",
              "STATE": "PUBLIC",
              "TITLE": "Exemys RME1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RME1-AI firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "All versions",
                                "version_value": "2.1.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Exemys"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Maxim Rupp reported this vulnerability to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "By using a specific credential string, an attacker with network access to the device\u2019s web interface could circumvent the authentication scheme and perform administrative operations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Exemys no longer sells or maintains RME1 and considers it to be an end-of-life product. Exemys recommends updating to a new supported product in RME2.\n\nFor more information on upgrading, contact Exemys support."
              }
            ],
            "source": {
              "advisory": "ICSA-22-181-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-2197",
        "datePublished": "2022-06-30T18:42:40.979Z",
        "dateReserved": "2022-06-24T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:15:38.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7910 (GCVE-0-2015-7910)

    Vulnerability from cvelistv5 – Published: 2015-11-19 11:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.379Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-11-19T11:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2015-7910",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-321-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2015-7910",
        "datePublished": "2015-11-19T11:00:00.000Z",
        "dateReserved": "2015-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:31.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }