Hardcoded Password Vulnerability in Schneider Electric InduSoft Web Studio and InTouch Machine Edition
CVE-2015-0996
Currently unrated
Key Information:
- Vendor
Schneider Electric
- Vendor
- CVE Published:
- 29 March 2015
What is CVE-2015-0996?
The vulnerability in Schneider Electric's InduSoft Web Studio and InTouch Machine Edition arises from the use of hardcoded cleartext passwords for controlling read access to Project and Project Configuration files. This design flaw allows local users to easily discover the password, thereby gaining unauthorized access to sensitive project information, which could lead to potential data breaches and compromise the integrity of operational environments.