CVE-2015-3939

IDS NC854 and NC856 - Authenticated Path Traversal via Internal Web Server

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74900

Scores

EPSS 0.0261
EPSS Percentile 83.5%

Details

CWE
CWE-22
Status published
Products (2)
ids/nc854
ids/nc856
Published May 31, 2015
Tracked Since Feb 18, 2026