Lucene search
K

73 matches found

CVE
CVE
added 2017/11/13 8:0 p.m.62 views

CVE-2017-14024

Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and earlier, and InTouch Machine Edition v8.0 SP2 Patch 1 and earlier, are affected by CVE-2017-14024 due to a stack-based buffer overflow. The vulnerability may allow remote code execution with high privileges. Exploitation can occur remote...

10CVSS9.9AI score0.05834EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2017/11/13 12:0 a.m.3 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Buffer Overflow Vulnerability

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A buffer overflow vulnerability exists in Schneider Electric InduSoft Web Studio and InTouch Machine Edition that could allow an attacker to remotely execut...

10CVSS7.5AI score0.05834EPSS
Exploits0References1
NVD
NVD
added 2017/10/03 1:29 a.m.15 views

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

10CVSS9.8AI score0.05053EPSS
Exploits0References2
OSV
OSV
added 2017/10/03 1:29 a.m.4 views

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

9.8CVSS6AI score0.05053EPSS
Exploits0References2
Prion
Prion
added 2017/10/03 1:29 a.m.13 views

Authentication flaw

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

10CVSS9.7AI score0.05053EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2017/10/02 5:0 a.m.18 views

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

9.9AI score0.05053EPSS
Exploits0References2
CVE
CVE
added 2017/10/02 5:0 a.m.60 views

CVE-2017-13997

The CVE-2017-13997 issue affects Schneider Electric InduSoft Web Studio (v8.0 SP2 or prior) and InTouch Machine Edition (v8.0 SP2 or prior). It is a Missing Authentication for Critical Function vulnerability (CWE-306) that could allow a remote attacker to bypass server authentication and trigger ...

10CVSS9.7AI score0.05053EPSS
Exploits0References2Affected Software2
ICS
ICS
added 2017/09/21 12:0 a.m.32 views

Schneider Electric InduSoft Web Studio, InTouch Machine Edition

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the...

10CVSS10AI score0.05053EPSS
Exploits0References3
ICS
ICS
added 2015/12/27 7:0 a.m.43 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities

OVERVIEW Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies Security Lab and independent researcher Alisa Esage Shevchenko have identified vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patch...

5CVSS6.8AI score0.024EPSS
Exploits0References10
ICS
ICS
added 2015/12/27 7:0 a.m.60 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-085-01 Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities, that was published March 26, 2015, to the NCCIC/ICS-CERT web site. Gleb Gritsai, Ilya Karpov, and Kirill Nesterov o...

5CVSS6.7AI score0.024EPSS
Exploits0References10
CVE
CVE
added 2015/08/01 1:0 a.m.67 views

CVE-2015-1009

CVE-2015-1009 affects Schneider Electric InduSoft Web Studio (before v7.1.3.5 Patch 5) and Wonderware InTouch Machine Edition (through 7.1 SP3 Patch 4). The vulnerability is information disclosure: project-window passwords are stored in clear text in the configuration file, enabling local users t...

1.7CVSS6AI score0.00315EPSS
Exploits0References3Affected Software2
ICS
ICS
added 2015/05/02 6:0 a.m.43 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability

OVERVIEW Gleb Gritsai, Alisa Esage Shevchenko, Ilya Karpov, and the team from Positive Technologies Security have found sensitive information stored in clear text in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products. Schneider Electric has released new patches t...

1.7CVSS6.7AI score0.00315EPSS
Exploits0References10
CNVD
CNVD
added 2015/03/30 12:0 a.m.2 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02056)

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...

2.1CVSS6.5AI score0.00372EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/30 12:0 a.m.2 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02057)

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...

3.3CVSS6.7AI score0.0078EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/30 12:0 a.m.2 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02058)

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...

5CVSS7.1AI score0.024EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/30 12:0 a.m.2 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02059)

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...

2.1CVSS6.3AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2015/03/29 10:59 a.m.20 views

CVE-2015-0999

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file...

2.1CVSS5.7AI score0.00372EPSS
Exploits0References3
NVD
NVD
added 2015/03/29 10:59 a.m.12 views

CVE-2015-0998

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

3.3CVSS6.1AI score0.0078EPSS
Exploits0References3
NVD
NVD
added 2015/03/29 10:59 a.m.15 views

CVE-2015-0997

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...

5CVSS6.4AI score0.024EPSS
Exploits0References3
NVD
NVD
added 2015/03/29 10:59 a.m.20 views

CVE-2015-0996

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive...

2.1CVSS5.7AI score0.00372EPSS
Exploits0References3
Rows per page
Query Builder