Remote Password Disclosure Vulnerability in Honeywell Gas Detectors
CVE-2015-7908

Currently unrated

Key Information:

Vendor: Honeywell
Status: Midas Firmware
Vendor: CVE Published:; 21 December 2015

What is CVE-2015-7908?

Honeywell Midas gas detectors and Midas Black gas detectors prior to version 1.13b3 and 2.13b3, respectively, are susceptible to a vulnerability that enables remote attackers to capture cleartext passwords by intercepting network traffic. This issue potentially compromises the confidentiality of sensitive authentication credentials, highlighting significant risks for users relying on these gas detection solutions for security. Ensuring that devices are updated to the latest versions is crucial to mitigate exposure to this vulnerability.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2015
Vulnerability Reserved
Oct 22, 2015