CVE-2016-2311 — MEDIUM (6.5)

Vulnerability Description

Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Blackbox	Alertwerks Servsensor Junior Eme102A-R2	-
Blackbox	Alertwerks Servsensor Junior Eme103A-R2	-
Blackbox	Alertwerks Servsensor Junior Eme104A-R2	-
Blackbox	Alertwerks Servsensor Junior Firmware	-
Blackbox	Alertwerks Servsensor Contact Eme111A-20-R2	-
Blackbox	Alertwerks Servsensor Contact Eme111A-60-R2	-
Blackbox	Alertwerks Servsensor Contact Eme112A-20-R2	-
Blackbox	Alertwerks Servsensor Contact Eme112A-60-R2	-
Blackbox	Alertwerks Servsensor Contact Eme113A-20-R2	-
Blackbox	Alertwerks Servsensor Contact Eme113A-60-R2	-
Blackbox	Alertwerks Servsensor Contact Firmware	-
Blackbox	Alertwerks Servsensor Eme106A	-
Blackbox	Alertwerks Servsensor Eme108A-R2	-
Blackbox	Alertwerks Servsensor Eme109A-R2	-
Blackbox	Alertwerks Servsensor Eme110A-R2	-
Blackbox	Alertwerks Servsensor Eme105A	-
Blackbox	Alertwerks Servsensor Firmware	-
Blackbox	Alertwerks Servsensor Junior Eme152A	-
Blackbox	Alertwerks Servsensor Junior Eme153A	-
Blackbox	Alertwerks Servsensor Junior Eme154A	-

Related Weaknesses (CWE)

CWE-255 CWE-200

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-2311?

CVE-2016-2311 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks Se...

How severe is CVE-2016-2311?

CVE-2016-2311 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2311?

Check the references section above for vendor advisories and patch information. Affected products include: Blackbox Alertwerks Servsensor Junior Eme102A-R2, Blackbox Alertwerks Servsensor Junior Eme103A-R2, Blackbox Alertwerks Servsensor Junior Eme104A-R2, Blackbox Alertwerks Servsensor Junior Firmware, Blackbox Alertwerks Servsensor Contact Eme111A-20-R2.