EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors.
Conclusion & alert: CVE-2015-3974 is rated Moderate Risk (64/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 1.87%). Core evidence: EPSS rose +1.20% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.67% | 1.87% | +1.20% |
| 2 | 2026-02-19 | 0.49% | 0.67% | +0.18% |
| 3 | 2026-01-04 | — | 0.49% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.0 | 2.0 | HIGH |
|
8.0 | 10.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| easyio | easyio-30p-sf_firmware | <= 0.5.20 | cpe:2.3:o:easyio:easyio-30p-sf_firmware:*:*:*:*:*:*:*:* |
| easyio | easyio-30p-sf_firmware | <= 2.0.5.20 | cpe:2.3:o:easyio:easyio-30p-sf_firmware:*:*:*:*:*:*:*:* |
| easyio | easyio-30p-sf | — | cpe:2.3:h:easyio:easyio-30p-sf:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-237-02 | Third Party Advisory US Government Resource |