CVE-2015-3939
IDS NC854 and NC856 - Authenticated Path Traversal via Internal Web Server
Title source: llmDescription
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74900
Scores
EPSS
0.0261
EPSS Percentile
83.5%
Details
CWE
CWE-22
Status
published
Products (2)
ids/nc854
ids/nc856
Published
May 31, 2015
Tracked Since
Feb 18, 2026