Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9197

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2014-9197
Last Modified 28 Jan 2015 01:52:02
Published 27 Jan 2015 02:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9197

Summary

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

Vulnerable Systems

Operating System

  • Schneider-electric Etg3000 Factorycast Hmi Gateway Firmware 1.60.2


References

MISC - https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02


Last Updated: 27 May 2016 11:07:38