KLA10508
Multiple vulnerabilities in Schneider Electric products
Updated: 06/01/2019
Detect date
?
03/29/2015
Severity
?
Warning
Description

Multiple serious vulnerabilities have been found in Schneider Electric products. Malicious users can exploit these vulnerabilities to obtain sensitive information orbypass security restrictions.

Below is a complete list of vulnerabilities

  1. Improper credentials storing and transmitting can be exploited locally via file manipulations or network sniffing;
  2. Publication list of usernames can be exploited remotely via conducting brute-force attack.
Affected products

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4
Schneider Electric InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4

Solution

Update to the latest version

Original advisories

SE bulletin
SE bulletin

Impacts
?
OSI 
[?]

SB 
[?]
CVE-IDS
?
CVE-2015-09962.1Warning
CVE-2015-09992.1Warning
CVE-2015-09975.0Critical
CVE-2015-09983.3Warning