CVE-2015-1009
low
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
1.7
Description
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| indusoft | web_studio | {"endIncluding":"7.1.3.5"} | |
| wonderware | intouch | {"endIncluding":"7.1"} | |
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
- https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
- https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
CWEs
CWE-200
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.