Lucene search

K

[email protected]NVD:CVE-2015-0999

HistoryMar 29, 2015 - 10:59 a.m.

CVE-2015-0999

2015-03-2910:59:08

CWE-200

[email protected]

web.nvd.nist.gov

1

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

Affected configurations

NVD

Node

avevaaveva_edgeRange<7.1.3.4

OR

schneider-electricwonderware_intouch_2014Range<7.1.3.4machine

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02

ics-cert.us-cert.gov/advisories/ICSA-15-085-01

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

Related for NVD:CVE-2015-0999

prion1 cvelist1 cve1 kaspersky1 ics2 nessus1