CVE-2015-6485

Published: Mar 12, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.

Affected (2)

Products: Schneider Electric: Telvent Rtu Firmware

Schneider Electric

1 product

Telvent Rtu Firmware

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Schneider Electric Telvent Rtu Firmware	Up to c3414-500-s02j1

Running on/with	Platform Versions
Schneider Electric Sage 1410	All versions
Schneider Electric Sage 1430	All versions
Schneider Electric Sage 1450	All versions
Schneider Electric Sage 2400	All versions
Schneider Electric Sage 3030m	All versions
Schneider Electric Sage Landac Ii 2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Telvent Rtu Firmware	Up to c3413-500-001d3

Running on/with	Platform Versions
Schneider Electric Sage 2300	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.