CVE-2015-0996
published 2015-03-29CVE-2015-0996: Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext…
low2.1CVSS 3.1
AVLACLAuNCPINAN
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aveva | aveva_edge | < 7.1.3.4 | 7.1.3.4 |
| schneider-electric | wonderware_intouch_2014 | < 7.1.3.4 | 7.1.3.4 |