{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-01-27T06:57:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9197", "datePublished": "2015-01-27T11:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2015-01-27T06:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:1.60.2:*:*:*:*:*:*:*", "matchCriteriaId": "88278ADF-FD66-4110-80F2-059D98B5D740", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxetg3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D2618A-486E-4055-BAFD-81F82C6B3D2A", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3010:-:*:*:*:*:*:*:*", "matchCriteriaId": "55B765EF-1FA4-4994-AE8C-E11BF4F9B95E", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3021:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB5F2A27-898A-4F8F-BAD5-FA64370A6B98", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3022:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D483984-53F3-4972-9F6D-9446C06891D5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}, {"lang": "es", "value": "Schneider Electric ETG3000 FactoryCast HMI Gateway con firmware anterior a 1.60 IR 04 almacena rde.jar bajo el root web sin suficiente control de acceso, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de la instalaci\u00f3n y la configuraci\u00f3n a trav\u00e9s de una solicitud directa."}], "id": "CVE-2014-9197", "lastModified": "2015-01-28T18:52:02.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-27T19:59:00.040", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}