Lucene search
IcscertCVE-2015-1009HistoryAug 01, 2015 - 1:59 a.m.
CVE-2015-1009
2015-08-0101:59:00
CWE-200
icscert
web.nvd.nist.gov
36
schneider electric
indusoft web studio
wonderware intouch machine edition
cleartext password
sensitive information
security vulnerability
nvd
cve-2015-1009
CVSS2
1.7
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0
Percentile
5.3%
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
Affected configurations
Node
indusoftweb_studioRange≤7.1.3.5
ORwonderwareintouchRange≤7.1sp3machine
| Vendor | Product | Version | CPE |
|---|---|---|---|
| indusoft | web_studio | * | cpe:2.3:a:indusoft:web_studio:*:*:*:*:*:*:*:* |
| wonderware | intouch | * | cpe:2.3:a:wonderware:intouch:*:sp3:*:*:machine:*:*:* |
Related
cvelist
cvelist
CVE-2015-1009
2015-08-01 01:00:00
openvas
openvas
ics
ics
ptsecurity
ptsecurity
prion
prion
Design/Logic Flaw
2015-08-01 01:59:00
nvd
nvd
CVE-2015-1009
2015-08-01 01:59:00
CVSS2
1.7
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0
Percentile
5.3%
Related for CVE-2015-1009