Vulnerability Description
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Aveva Edge | < 7.1.3.4 |
| Schneider-Electric | Wonderware Intouch 2014 | < 7.1.3.4 |
Related Weaknesses (CWE)
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01PatchVendor Advisory
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02PatchVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01Third Party AdvisoryUS Government Resource
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01PatchVendor Advisory
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02PatchVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-0996?
CVE-2015-0996 is a vulnerability with a CVSS score of 2.1 (LOW). Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project f...
How severe is CVE-2015-0996?
CVE-2015-0996 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0996?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Aveva Edge, Schneider-Electric Wonderware Intouch 2014.