Login Sign Up

CVE-2015-7915

9.8 CRITICAL

📋 TL;DR

CVE-2015-7915 is a critical vulnerability in Sauter EY-WS505F0x0 moduWeb Vision building automation systems where credentials are transmitted in cleartext over the network. This allows attackers to intercept authentication credentials by sniffing network traffic. Organizations using affected versions of this building management system are at risk.

💻 Affected Systems

Products:
  • Sauter EY-WS505F0x0 moduWeb Vision
Versions: All versions before 1.6.0
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: Affects building automation controllers used in HVAC and building management systems.

📦 What is this software?

Moduweb Vision by Sauter

View all CVEs affecting Moduweb Vision →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to building automation systems, potentially manipulating HVAC, lighting, security systems, or causing physical damage to equipment.

🟠

Likely Case

Attackers steal credentials and gain unauthorized access to building management systems, potentially disrupting operations or using the system as a foothold for further attacks.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to credential exposure requiring password resets.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to sniff traffic; no authentication bypass needed once credentials are captured.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.6.0 and later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01

Restart Required: Yes

Instructions:

1. Contact Sauter for version 1.6.0 or later firmware. 2. Backup current configuration. 3. Apply firmware update following vendor instructions. 4. Restart device. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate building automation systems from general corporate networks and internet access.

VPN/Encrypted Tunnel

all

Require all connections to use encrypted VPN tunnels to prevent credential sniffing.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices
  • Monitor network traffic for cleartext credential transmission and alert on detection

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console; if version is below 1.6.0, device is vulnerable.

Check Version:

Check via web interface at http://[device-ip]/ or serial console command depending on configuration

Verify Fix Applied:

Confirm firmware version is 1.6.0 or higher and test that credentials are no longer transmitted in cleartext using network sniffing tools.

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts from unexpected IP addresses
  • Successful logins from unusual locations/times

Network Indicators:

  • Cleartext HTTP traffic containing authentication credentials
  • Unusual network connections to building automation controllers

SIEM Query:

source_ip IN (building_automation_ips) AND (http_request CONTAINS "password" OR http_request CONTAINS "login")

📊 Metadata

CVE ID: CVE-2015-7915
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-200
Published: February 6, 2016
Last Updated: April 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2015-7915, you might also want to check these:

CVE-2025-61481 10.0

MikroTik RouterOS and SwOS expose their WebFig management interface over unencrypted HTTP by default...

Same vulnerability type (CWE-200)
CVE-2025-53624 10.0

The Docusaurus gists plugin versions before 4.0.0 expose GitHub Personal Access Tokens in client-sid...

Same vulnerability type (CWE-200)
CVE-2023-49103 10.0

This vulnerability in ownCloud's graphapi app exposes PHP configuration details (phpinfo) via a thir...

Same vulnerability type (CWE-200)