Vulnerability Details : CVE-2015-1009
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
Vulnerability category: Information leak
Products affected by CVE-2015-1009
- cpe:2.3:a:wonderware:intouch:*:sp3:*:*:machine:*:*:*
- cpe:2.3:a:indusoft:web_studio:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1009
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-1009
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.7 | LOW | AV:L/AC:L/Au:S/C:P/I:N/A:N | 3.1 | 2.9 | NIST | |
CWE ids for CVE-2015-1009
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1009
- https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
  Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability | CISA (Third Party Advisory; US Government Resource)
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
  Vendor Advisory
- https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf