CVE-2016-2311

MEDIUM

Black Box ServSensor, ServSensor Junior, and ServSensor Contact < SP473 - Authenticated Password Exposure

Title source: llm
STIX 2.1

Description

Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03

Scores

CVSS v3 6.5
EPSS 0.0115
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-255
Status published
Products (3)
blackbox/alertwerks_servsensor_contact_firmware
blackbox/alertwerks_servsensor_firmware
blackbox/alertwerks_servsensor_junior_firmware (2 CPE variants)
Published May 30, 2016
Tracked Since Feb 18, 2026