PT-2015-5016 · Schneider Electric · Indusoft Web Studio+1

Alisa Esage Shevchenko

Published

2015-03-29

Updated

2021-05-14

CVE-2015-0998

CVSS v2.0

3.3

Low

Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4 Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4

Description The issue allows remote attackers to obtain sensitive information by sniffing the network, as cleartext credentials are transmitted.

Recommendations For Schneider Electric InduSoft Web Studio versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later. For Schneider Electric InTouch Machine Edition 2014 versions prior to 7.1.3.4 SP3 Patch 4, update to version 7.1.3.4 SP3 Patch 4 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-0998

Affected Products

Intouch Machine Edition 2014

Indusoft Web Studio

PT-2015-5016 · Schneider Electric · Indusoft Web Studio+1

CVE-2015-0998

Weakness Enumeration

Related Identifiers

Affected Products

References · 4