CVE-2015-0996
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
Schneider Electric InduSoft Web Studio anterior a 7.1.3.4 SP3 Patch 4 e InTouch Machine Edition 2014 anterior a 7.1.3.4 SP3 Patch 4 dependen de una contraseña de texto claro embebida para controlar el acceso de lectura a los ficheros de proyectos y de la configuración de proyectos, lo que facilita a usuarios locales obtener información sensible mediante el descubrimiento de esta contraseña.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-10 CVE Reserved
- 2015-03-29 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01 | 2021-05-14 | |
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02 | 2021-05-14 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Aveva Search vendor "Aveva" | Aveva Edge Search vendor "Aveva" for product "Aveva Edge" | < 7.1.3.4 Search vendor "Aveva" for product "Aveva Edge" and version " < 7.1.3.4" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Wonderware Intouch 2014 Search vendor "Schneider-electric" for product "Wonderware Intouch 2014" | < 7.1.3.4 Search vendor "Schneider-electric" for product "Wonderware Intouch 2014" and version " < 7.1.3.4" | machine |
Affected
| ||||||