10
CVE-2014-9197
- EPSS 0.27%
- Published 27.01.2015 19:59:00
- Last modified 05.09.2025 22:15:33
- Source ics-cert@hq.dhs.gov
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
Data provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Etg3000 Factorycast Hmi Gateway Firmware Version 1.60.2
Schneider-electric ≫ Tsxetg3000 Version -
Schneider-electric ≫ Tsxetg3010 Version -
Schneider-electric ≫ Tsxetg3021 Version -
Schneider-electric ≫ Tsxetg3022 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.27% | 0.502 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 10 | 6.9 | AV:N/AC:L/Au:N/C:C/I:N/A:N |
ics-cert@hq.dhs.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.