CVE-2015-7907

HIGH

Honeywell Midas <1.13b3-2.13b3 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02

Scores

CVSS v3 8.6
EPSS 0.0359
EPSS Percentile 88.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Details

CWE
CWE-22
Status published
Products (2)
honeywell/midas_black_firmware < 2.13b1
honeywell/midas_firmware < 1.13b1
Published Dec 21, 2015
Tracked Since Feb 18, 2026