Vulnerability Details CVE-2015-1008
SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.8%
CVSS Severity
CVSS v2 Score 6.5
References
- http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability
- http://www.securityfocus.com/bid/74774
- https://ics-cert.us-cert.gov/advisories/ICSA-15-111-01
- http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability
- http://www.securityfocus.com/bid/74774
- https://ics-cert.us-cert.gov/advisories/ICSA-15-111-01
Products affected by CVE-2015-1008
-
cpe:2.3:a:emerson:ams_device_manager:1.0
-
cpe:2.3:a:emerson:ams_device_manager:1.1
-
cpe:2.3:a:emerson:ams_device_manager:1.2
-
cpe:2.3:a:emerson:ams_device_manager:1.3
-
cpe:2.3:a:emerson:ams_device_manager:1.4
-
cpe:2.3:a:emerson:ams_device_manager:10.0
-
cpe:2.3:a:emerson:ams_device_manager:10.1
-
cpe:2.3:a:emerson:ams_device_manager:10.5
-
cpe:2.3:a:emerson:ams_device_manager:11.0
-
cpe:2.3:a:emerson:ams_device_manager:11.1
-
cpe:2.3:a:emerson:ams_device_manager:11.1.1
-
cpe:2.3:a:emerson:ams_device_manager:11.5
-
cpe:2.3:a:emerson:ams_device_manager:12.0
-
cpe:2.3:a:emerson:ams_device_manager:12.5
-
cpe:2.3:a:emerson:ams_device_manager:5.0
-
cpe:2.3:a:emerson:ams_device_manager:6.0
-
cpe:2.3:a:emerson:ams_device_manager:6.1
-
cpe:2.3:a:emerson:ams_device_manager:6.2
-
cpe:2.3:a:emerson:ams_device_manager:6.5
-
cpe:2.3:a:emerson:ams_device_manager:7.0
-
cpe:2.3:a:emerson:ams_device_manager:8.0
-
cpe:2.3:a:emerson:ams_device_manager:9.0