PT-2015-5014 · Schneider Electric · Indusoft Web Studio+1

Alisa Esage Shevchenko

Published

2015-03-29

Updated

2021-05-14

CVE-2015-0996

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4 Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4

Description The issue allows local users to obtain sensitive information by discovering a hardcoded cleartext password used to control read access to Project files and Project Configuration files.

Recommendations For Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later. For Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-0996

Affected Products

Intouch Machine Edition 2014

Indusoft Web Studio

PT-2015-5014 · Schneider Electric · Indusoft Web Studio+1

CVE-2015-0996

Weakness Enumeration

Related Identifiers

Affected Products

References · 4