Vulnerability Description
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | ETG3000 FactoryCast HMI Gateway Firmware | 1.60.2 |
| Schneider Electric | TSXETG3000 | - |
| Schneider Electric | TSXETG3010 | - |
| Schneider Electric | TSXETG3021 | - |
| Schneider Electric | TSXETG3022 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02
- https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02 (Patch, US Government Resource)
FAQ
What is CVE-2014-9197?
CVE-2014-9197 is a vulnerability with a CVSS score of 10.0 (HIGH). The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensi...
How severe is CVE-2014-9197?
CVE-2014-9197 is rated HIGH, with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-9197?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider Electric ETG3000 FactoryCast HMI Gateway Firmware, Schneider Electric TSXETG3000, Schneider Electric TSXETG3010, Schneider Electric TSXETG3021, and Schneider Electric TSXETG3022.