CVE-2015-0996

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:wonderware_intouch_2014:*:*:*:*:machine:*:*:*

History

21 Nov 2024, 02:24

Type Values Removed Values Added
References () http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01 - Patch, Vendor Advisory () http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01 - Patch, Vendor Advisory
References () http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02 - Patch, Vendor Advisory () http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02 - Patch, Vendor Advisory
References () https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01 - Third Party Advisory, US Government Resource

Information

Published : 2015-03-29 10:59

Updated : 2024-11-21 02:24


NVD link : CVE-2015-0996

Mitre link : CVE-2015-0996

CVE.ORG link : CVE-2015-0996


JSON object : View

Products Affected

aveva

  • aveva_edge

schneider-electric

  • wonderware_intouch_2014
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor