Lucene search
IcscertCVE-2015-0996HistoryMar 29, 2015 - 10:59 a.m.
CVE-2015-0996
2015-03-2910:59:05
CWE-200
icscert
web.nvd.nist.gov
40
cve-2015-0996
schneider electric
indusoft web studio
intouch machine edition
hardcoded password
sensitive information disclosure
nvd
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0
Percentile
5.3%
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
Affected configurations
Node
avevaaveva_edgeRange<7.1.3.4
ORschneider-electricwonderware_intouch_2014Range<7.1.3.4machine
| Vendor | Product | Version | CPE |
|---|---|---|---|
| aveva | aveva_edge | * | cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:* |
| schneider-electric | wonderware_intouch_2014 | * | cpe:2.3:a:schneider-electric:wonderware_intouch_2014:*:*:*:*:machine:*:*:* |
Related
cvelist
cvelist
CVE-2015-0996
2015-03-29 10:00:00
prion
prion
Hardcoded credentials
2015-03-29 10:59:00
nvd
nvd
CVE-2015-0996
2015-03-29 10:59:05
ics
ics
kaspersky
kaspersky
KLA10508 Multiple vulnerabilities in Schneider Electric products
2015-03-29 00:00:00
nessus
nessus
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0
Percentile
5.3%
Related for CVE-2015-0996