CVE-2014-9197

Name of the Vulnerable Software and Affected Versions Schneider Electric ETG3000 FactoryCast HMI Gateway versions prior to 1.60 IR 04

Description The issue allows remote attackers to obtain sensitive setup and configuration information. This is due to insufficient access control for the rde.jar file stored under the web root, which can be accessed via a direct request.

Recommendations For versions prior to 1.60 IR 04, update the firmware to version 1.60 IR 04 or later to resolve the issue. As a temporary workaround, consider restricting access to the web root to minimize the risk of exploitation.