Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability

OVERVIEW Independent researcher Artyom Kurbatov has identified a cleartext transmission vulnerability in Schneider Electric’s StruxureWare Building Expert product. Schneider Electric has produced a new firmware version that mitigates this vulnerability. Artyom Kurbatov has tested the new firmware...

CVE-2015-3962

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network...

Code injection

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network...

CVE-2015-3962

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network...

CVE-2015-3962

Schneider Electric StruxureWare Building Expert MPM before version 2.15 is affected by a cleartext transmission vulnerability (CWE-319) where the client–server data stream is not encrypted, enabling remote attackers to discover user credentials by sniffing traffic. The issue affects StruxureWare ...

Schneider Electric StruxureWare Building Expert Plain Text Credentials Vulnerability

StruxureWare Building Expert is the building automation system. A plain text transmission vulnerability exists in Schneider Electric StruxureWare Building Expert products prior to version 2.15, which can be exploited by an attacker to obtain user login credentials...

Schneider Electric StruxureWare Building Expert Security Patch

Industrial control manufacturer Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability. Researcher Artyom Kurbatov discovered that the system transmits user credentials in plaintext between th...

Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability

OVERVIEW Independent researcher Artyom Kurbatov has identified a cleartext transmission vulnerability in Schneider Electric’s StruxureWare Building Expert product. Schneider Electric has produced a new firmware version that mitigates this vulnerability. Artyom Kurbatov has tested the new firmware...