Lucene search
HistoryMar 29, 2015 - 10:59 a.m.
CVE-2015-0999
cve-2015-0999
schneider electric
indusoft web studio
intouch machine edition
cleartext credentials
local user
sensitive information
configuration file
nvd
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.9%
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
Affected configurations
Node
avevaaveva_edgeRange<7.1.3.4
ORschneider-electricwonderware_intouch_2014Range<7.1.3.4machine
Related
prion
prion
Design/Logic Flaw
2015-03-29 10:59:00
cvelist
cvelist
CVE-2015-0999
2015-03-29 10:00:00
nvd
nvd
CVE-2015-0999
2015-03-29 10:59:08
kaspersky
kaspersky
KLA10508 Multiple vulnerabilities in Schneider Electric products
2015-03-29 00:00:00
ics
ics
nessus
nessus
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.9%
Related for CVE-2015-0999