7.5

CVE-2017-5155

EPSS 0.64%
Veröffentlicht 13.02.2017 21:59:02
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Wonderware Historian Version2014_r2_sp1_p01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.696

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/

Vendor Advisory

http://www.securityfocus.com/bid/95766

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037808

https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-5155

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5155

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5155

EUVD