Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
References
Link | Resource |
---|---|
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01 | Patch Vendor Advisory |
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02 | Patch Vendor Advisory |
https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2015-03-29T10:00:00
Updated: 2015-03-29T02:57:00
Reserved: 2015-01-10T00:00:00
Link: CVE-2015-0996
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-03-29T10:59:05.383
Modified: 2021-05-14T15:24:42.063
Link: CVE-2015-0996
JSON object: View
Redhat Information
No data.
CWE