Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0996

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2015-0996
Last Modified 30 Mar 2015 11:08:38
Published 29 Mar 2015 06:59:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-0996

Summary

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.

Vulnerable Systems

Application

  • Schneider Electric Indusoft Web Studio 7.1

  • Schneider Electric Wonderware Intouch 2014 7.1


References

MISC - https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01

CONFIRM - http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02

CONFIRM - http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01


Last Updated: 27 May 2016 11:08:14