Описание
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
Ссылки
- PatchUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:1.60.2:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:schneider-electric:tsxetg3000:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsxetg3010:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsxetg3021:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsxetg3022:-:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.0027
Низкий
10 Critical
CVSS2
7.8 High
CVSS2
Дефекты
CWE-306
CWE-284
Связанные уязвимости
github
больше 3 лет назад
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
EPSS
Процентиль: 50%
0.0027
Низкий
10 Critical
CVSS2
7.8 High
CVSS2
Дефекты
CWE-306
CWE-284