Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
References
Link | Resource |
---|---|
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01 | Patch Vendor Advisory |
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02 | Patch Vendor Advisory |
https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-03-29 10:59
Updated : 2024-02-28 12:20
NVD link : CVE-2015-0996
Mitre link : CVE-2015-0996
CVE.ORG link : CVE-2015-0996
JSON object : View
Products Affected
aveva
- aveva_edge
schneider-electric
- wonderware_intouch_2014
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor