Multiple serious vulnerabilities have been found in Schneider Electric products. Malicious users can exploit these vulnerabilities to obtain sensitive information orbypass security restrictions.

Below is a complete list of vulnerabilities

1. Improper credentials storing and transmitting can be exploited locally via file manipulations or network sniffing;
2. Publication list of usernames can be exploited remotely via conducting brute-force attack.

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4
Schneider Electric InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4

Update to the latest version

SE bulletin
SE bulletin