Описание
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 7.1.3.4 (исключая)Версия до 7.1.3.4 (исключая)
Одно из
cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:wonderware_intouch_2014:*:*:*:*:machine:*:*:*
EPSS
Процентиль: 19%
0.00062
Низкий
2.1 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
EPSS
Процентиль: 19%
0.00062
Низкий
2.1 Low
CVSS2
Дефекты
CWE-200