CVE-2014-9197

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Etg3000 Factorycast Hmi Gateway Firmware; Tsxetg3000; Tsxetg3010; Tsxetg3021
Vendor: CVE Published:; 27 January 2015

Summary

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

x_refsource_MISC

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Dec 2, 2014