Cleartext Credential Transmission in Schneider Electric InduSoft Web Studio and InTouch Machine Edition
CVE-2015-0998

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Wonderware Intouch 2014; Aveva Edge
Vendor: CVE Published:; 29 March 2015

Summary

Schneider Electric's InduSoft Web Studio and InTouch Machine Edition prior to specified versions are susceptible to a vulnerability that allows the transmission of cleartext credentials. This weakness permits remote unauthenticated attackers to eavesdrop on the network, potentially compromising sensitive information and leading to unauthorized access. It underscores the necessity for robust security measures, including encryption, to safeguard credential transmission over networks.

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_CONFIRM

https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01

x_refsource_MISC

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 29, 2015
Vulnerability Reserved
Jan 10, 2015