CVE-2015-7928 in Device
Summary
by MITRE
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Analysis
by VulDB Data Team • 11/04/2025
The vulnerability identified as CVE-2015-7928 affects eWON industrial devices running firmware versions prior to 10.1s0, representing a significant security weakness in industrial control systems. This flaw resides in the web-based management interface of these devices, specifically within the password input field implementation. The absence of the autocomplete="off" attribute creates a persistent security risk that directly impacts the authentication security posture of these industrial devices.
The technical flaw is a browser-level security oversight: the web interface does not disable password auto-completion for its password field. This seemingly minor configuration issue has substantial implications in industrial environments, where devices are often accessed from unattended workstations or shared computers. Once a browser has saved the credentials for such a device, it will silently prefill the password field for anyone who later uses the same workstation or browser profile, so an unauthorized user can log in without ever knowing the password. This vulnerability therefore enables credential reuse through the browser's auto-complete mechanism rather than through brute force or traditional exploitation techniques.
The operational impact of this vulnerability extends beyond simple credential theft, as it represents a weakness in the defense-in-depth strategy for industrial control systems. In industrial environments, eWON devices often serve as critical communication endpoints between field devices and enterprise networks, making their security paramount. The vulnerability creates a vector for unauthorized access that requires minimal technical expertise, as an attacker only needs access to an unattended workstation whose browser has saved the device credentials. This risk is particularly concerning in environments where physical security controls are weak or where multiple users share computing resources.
The vulnerability aligns with CWE-625 and CWE-384 categories, specifically addressing weaknesses in web application security related to improper input handling and credential management. From an attack perspective, this flaw maps to several ATT&CK techniques including credential access through web application attacks and privilege escalation through compromised credentials. The vulnerability also reflects broader concerns in industrial cybersecurity related to the security of web interfaces in operational technology environments, where traditional security controls may not be adequately applied.
Organizations should implement immediate mitigations including firmware updates to version 10.1s0 or later, which addresses the missing autocomplete attribute. Additionally, system administrators should review and enforce security policies that require explicit credential management practices, including disabling browser auto-complete for all industrial web interfaces. Network segmentation and access control measures should be strengthened to limit exposure of these devices to potential attackers. Regular security assessments of industrial web interfaces should be conducted to identify similar configuration vulnerabilities that may exist in other operational technology systems.
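The flawed and corrected login forms described above, together with the kind of check the last paragraph calls for, as an added example (not eWON/HMS code, and not from the VulDB entry): a small audit script that flags password inputs a browser may prefill. Both HTML fragments are constructed for the example, not captured from a device.

```python
# Added example (not eWON/HMS code): audit a login page for password fields
# that browsers may autofill, the pattern behind CVE-2015-7928. Both HTML
# fragments below are constructed here, not captured from a device.
from html.parser import HTMLParser

# Constructed: the flawed pattern, a password input with no autocomplete attribute.
VULNERABLE_FORM = """<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="submit" value="Login"></form>"""

# Constructed: the corrected pattern, autocomplete disabled on the password field.
HARDENED_FORM = """<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass" autocomplete="off">
  <input type="submit" value="Login"></form>"""


class PasswordFieldAudit(HTMLParser):
    # Collects the names of password inputs that are not autocomplete-protected.

    def __init__(self):
        super().__init__()
        self._form_off = []    # one bool per open <form>: did it set autocomplete="off"?
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self._form_off.append(a.get("autocomplete") == "off")
        elif tag == "input" and a.get("type") == "password":
            # Protected if the field says off/new-password or the enclosing form says off.
            own_ok = a.get("autocomplete") in ("off", "new-password")
            form_ok = bool(self._form_off) and self._form_off[-1]
            if not (own_ok or form_ok):
                self.findings.append(a.get("name", "<unnamed>"))

    def handle_endtag(self, tag):
        if tag == "form" and self._form_off:
            self._form_off.pop()


def unprotected_password_fields(html):
    # Returns the names of password fields a browser may prefill.
    audit = PasswordFieldAudit()
    audit.feed(html)
    audit.close()
    return audit.findings


if __name__ == "__main__":
    print(unprotected_password_fields(VULNERABLE_FORM))  # ['pass']
    print(unprotected_password_fields(HARDENED_FORM))    # []
```

Point the function at the HTML of any web-based management interface under review to find the same misconfiguration in other devices; a form-level autocomplete="off" is honoured because browsers apply it to every field inside the form.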