Insufficient Access Control Vulnerability in Schneider Electric ETG3000 Gateway
CVE-2014-9197

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Etg3000 Factorycast Hmi Gateway
Vendor: CVE Published:; 27 January 2015

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2014-9197?

The Schneider Electric ETG3000 FactoryCast HMI Gateway is affected by an insufficient access control vulnerability that enables remote attackers to access sensitive configuration and setup information. This exposure occurs because the rde.jar file is stored under the web root without proper access restrictions. Attackers can exploit this flaw by making direct requests to the affected system, potentially compromising the security of the gateway.

Affected Version(s)

ETG3000 FactoryCast HMI Gateway TSXETG3000

ETG3000 FactoryCast HMI Gateway TSXETG3010

ETG3000 FactoryCast HMI Gateway TSXETG3021

References

https://www.cisa.gov/news-events/ics-advisories/icsa-15-0...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Dec 2, 2014