73 matches found
CVE-2017-14024
Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and earlier, and InTouch Machine Edition v8.0 SP2 Patch 1 and earlier, are affected by CVE-2017-14024 due to a stack-based buffer overflow. The vulnerability may allow remote code execution with high privileges. Exploitation can occur remote...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Buffer Overflow Vulnerability
Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A buffer overflow vulnerability exists in Schneider Electric InduSoft Web Studio and InTouch Machine Edition that could allow an attacker to remotely execut...
CVE-2017-13997
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...
CVE-2017-13997
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...
Authentication flaw
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...
CVE-2017-13997
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...
CVE-2017-13997
The CVE-2017-13997 issue affects Schneider Electric InduSoft Web Studio (v8.0 SP2 or prior) and InTouch Machine Edition (v8.0 SP2 or prior). It is a Missing Authentication for Critical Function vulnerability (CWE-306) that could allow a remote attacker to bypass server authentication and trigger ...
Schneider Electric InduSoft Web Studio, InTouch Machine Edition
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities
OVERVIEW Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies Security Lab and independent researcher Alisa Esage Shevchenko have identified vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patch...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-085-01 Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities, that was published March 26, 2015, to the NCCIC/ICS-CERT web site. Gleb Gritsai, Ilya Karpov, and Kirill Nesterov o...
CVE-2015-1009
CVE-2015-1009 affects Schneider Electric InduSoft Web Studio (before v7.1.3.5 Patch 5) and Wonderware InTouch Machine Edition (through 7.1 SP3 Patch 4). The vulnerability is information disclosure: project-window passwords are stored in clear text in the configuration file, enabling local users t...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability
OVERVIEW Gleb Gritsai, Alisa Esage Shevchenko, Ilya Karpov, and the team from Positive Technologies Security have found sensitive information stored in clear text in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products. Schneider Electric has released new patches t...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02056)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02057)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02058)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02059)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...
CVE-2015-0999
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file...
CVE-2015-0998
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-0997
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...
CVE-2015-0996
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive...