KLA10508
Multiple vulnerabilities in Schneider Electric products
Обновлено: 17/06/2019
Дата обнаружения
29/03/2015
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Schneider Electric products. Malicious users can exploit these vulnerabilities to obtain sensitive information orbypass security restrictions.

Below is a complete list of vulnerabilities

  1. Improper credentials storing and transmitting can be exploited locally via file manipulations or network sniffing;
  2. Publication list of usernames can be exploited remotely via conducting brute-force attack.
Пораженные продукты

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4
Schneider Electric InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4

Решение

Update to the latest version

Первичный источник обнаружения
SE bulletin
SE bulletin
Оказываемое влияние
?
OSI 
[?]

SB 
[?]
Связанные продукты
InduSoft Web Studio
CVE-IDS
CVE-2015-09962.1Warning
CVE-2015-09992.1Warning
CVE-2015-09975.0Critical
CVE-2015-09983.3Warning