CVE-2015-0999

The CVE-2015-0999 issue affects Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4, where OPC User credentials are stored in cleartext in configuration files. This enables local attackers with access to read the files to o...

CVE-2015-0998

CVE-2015-0998 affects Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4). The issue is cleartext transmission of credentials (CWE-319), enabling an attacker on an adjacent network to sniff sensitive information. Root c...

CVE-2015-0996

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive...

Schneider Electric Patches Easily Exploitable Bugs in HMI Products

There are a series of vulnerabilities related to credentials and authentication in two of Schneider Electric’s HMI products, and an attacker who exploits them may be able to run arbitrary code. The bugs lie in Schneider’s InduSoft Web Studio and InTouch Machine Edition products, both of which are...

PT-2015-14: Password Access in Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014

The specialists of the Positive Research center have detected a Password Access vulnerability in Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Systems do not encrypt user passwords, which allows attackers to access them. How to fix Update your system up to the latest...