CVE-2014-9197

EPSS 0.27%
Published 27.01.2015 19:59:00
Last modified 05.09.2025 22:15:33
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Etg3000 Factorycast Hmi Gateway Firmware Version1.60.2

Schneider-electric ≫ Tsxetg3000 Version-

Schneider-electric ≫ Tsxetg3010 Version-

Schneider-electric ≫ Tsxetg3021 Version-

Schneider-electric ≫ Tsxetg3022 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.502

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N
ics-cert@hq.dhs.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Patch

US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02

https://nvd.nist.gov/vuln/detail/CVE-2014-9197

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9197

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9197

EUVD