PT-2015-5022 · Schneider Electric+1 · Indusoft Web Studio+1

Alisa Esage Shevchenko

Published

2015-08-01

Updated

2015-08-04

CVE-2015-1009

CVSS v2.0

1.7

Low

Vector

AV:L/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Schneider Electric InduSoft Web Studio versions prior to 7.1.3.5 Patch 5 Wonderware InTouch Machine Edition versions prior to 7.1 SP3 Patch 5

Description The issue allows local users to obtain sensitive information by reading a file due to the use of cleartext for project-window password storage.

Recommendations For Schneider Electric InduSoft Web Studio versions prior to 7.1.3.5 Patch 5, update to version 7.1.3.5 Patch 5 or later. For Wonderware InTouch Machine Edition versions prior to 7.1 SP3 Patch 5, update to version 7.1 SP3 Patch 5 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-1009

Affected Products

Intouch Machine Edition

Indusoft Web Studio

PT-2015-5022 · Schneider Electric+1 · Indusoft Web Studio+1

CVE-2015-1009

Weakness Enumeration

Related Identifiers

Affected Products

References · 4