User Interface Vulnerability in Schneider Electric InduSoft Web Studio and InTouch Machine Edition
CVE-2015-0997

Currently unrated

Key Information:

Vendor
Schneider Electric
Status
Wonderware Intouch 2014
Aveva Edge
Vendor
CVE Published:
29 March 2015

Summary

Schneider Electric InduSoft Web Studio and InTouch Machine Edition exhibit a user interface vulnerability that reveals all valid usernames to users. This exposure significantly lowers the barrier for attackers seeking unauthorized access through brute-force password-guessing techniques. The affected versions before specified patches enable easier exploitation, thus emphasizing the need for immediate updates to safeguard systems.

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...
x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01
x_refsource_MISC
http://download.schneider-electric.com/files?p_Doc_Ref=SE...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.