CVE-2015-0996 — Sensitive Information Exposure in Wonderware Intouch 2014

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aveva Edge Schneider-electric Wonderware Intouch 2014

Timeline

PublishedMar 29

Latest updateMay 13

Description

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDschneider-electric/wonderware_intouch_2014< 7.1.3.4

▶NVDaveva/aveva_edge< 7.1.3.4

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-2jjq-x889-r334: Schneider Electric InduSoft Web Studio before 7↗2022-05-13

▶

CVEList

CVE-2015-0996: Schneider Electric InduSoft Web Studio before 7↗2015-03-29

▶