Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Schenider patches plaintext credentials bug in building automation system

Schenider patches plaintext credentials bug in building automation system

2015/09/16

Threatpost - (International) Schneider Electric released a firmware update for its StruxureWare Building Expert automation system addressing a remotely executable vulnerability regarding how the system transmits user credentials in plaintext between server and client machines. The Industrial Control System Cyber Emergency Response Team reported that the vulnerability has not been publicly exploited.

Source: https://threatpost.com/schneider-patches-plaintext-credentials-bug-in-building-automation-system/114702/

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:25:15