Vulnerability Description
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Indusoft | Web Studio | <= 7.1.3.5 |
| Wonderware | Intouch | <= 7.1 |
Related Weaknesses (CWE)
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01Vendor Advisory
- https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bullet
- https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01Third Party AdvisoryUS Government Resource
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01Vendor Advisory
- https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bullet
- https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-1009?
CVE-2015-1009 is a vulnerability with a CVSS score of 1.7 (LOW). Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users...
How severe is CVE-2015-1009?
CVE-2015-1009 has been rated LOW with a CVSS base score of 1.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1009?
Check the references section above for vendor advisories and patch information. Affected products include: Indusoft Web Studio, Wonderware Intouch.