Insufficient Access Control Vulnerability in Schneider Electric ETG3000 Gateway
CVE-2014-9197

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Etg3000 Factorycast Hmi Gateway Firmware; Tsxetg3000; Tsxetg3010; Tsxetg3021
Vendor: CVE Published:; 27 January 2015

Summary

The Schneider Electric ETG3000 FactoryCast HMI Gateway is affected by an insufficient access control vulnerability that enables remote attackers to access sensitive configuration and setup information. This exposure occurs because the rde.jar file is stored under the web root without proper access restrictions. Attackers can exploit this flaw by making direct requests to the affected system, potentially compromising the security of the gateway.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

x_refsource_MISC

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Dec 2, 2014