2.1

CVE-2015-0996

EPSS 0.06%
Veröffentlicht 29.03.2015 10:59:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aveva ≫ Aveva Edge Version < 7.1.3.4

Schneider-electric ≫ Wonderware Intouch 2014 SwEditionmachine Version < 7.1.3.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01

Patch

Vendor Advisory

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02

Patch

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2015-0996

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0996

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0996

EUVD