CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1009

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.9%

CVSS Severity

CVSS v2 Score 1.7

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01

Products affected by CVE-2015-1009

Indusoft » Web Studio » Version: 6.1

cpe:2.3:a:indusoft:web_studio:6.1
Indusoft » Web Studio » Version: 7.0

cpe:2.3:a:indusoft:web_studio:7.0
Indusoft » Web Studio » Version: 7.1

cpe:2.3:a:indusoft:web_studio:7.1
Wonderware » Intouch » Version: Any

cpe:2.3:a:wonderware:intouch:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1009

Products

Pricing

Contact Us