PT-2015-5015 · Schneider Electric · Indusoft Web Studio+1

Alisa Esage Shevchenko

Published

2015-03-29

Updated

2021-05-14

CVE-2015-0997

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4 Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4

Description The issue allows remote attackers to obtain access via a brute-force password-guessing attack, as the HMI user interface lists all valid usernames.

Recommendations For Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later. For Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-0997

Affected Products

Intouch Machine Edition 2014

Indusoft Web Studio

PT-2015-5015 · Schneider Electric · Indusoft Web Studio+1

CVE-2015-0997

Weakness Enumeration

Related Identifiers

Affected Products

References · 4