7.5

CVE-2017-5155

EPSS 0.64%
Published 13.02.2017 21:59:02
Last modified 20.04.2025 01:37:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Wonderware Historian Version2014_r2_sp1_p01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.64%	0.696

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/

Vendor Advisory

http://www.securityfocus.com/bid/95766

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037808

https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-5155

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5155

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5155

EUVD