Schneider Electric InduSoft cryptographic Vulnerability (CVE-2015-1009)
Release date:
Updated on:
Affected Systems:
Schneider Electric InduSoft Web Studio < 7.1.3.5 Patch 5
Schneider Electric InTouch Machine Edition 2014 < 7.1 SP3 Patch 4
Description:
CVE (CAN) ID: CVE-2015-1009
InduSoft Web Studio is a SCADA System and embedded instrumentation solution used to develop man-machine interfaces, supervisory control, and data collection.
In Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4, the password of the Project window is stored in plain text in the configuration file. This allows local users to obtain sensitive information by reading the file.
<* Source: Gleb Gritsai
Link: https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
*>
Suggestion:
Vendor patch:
Schneider Electric
------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://ics-cert.us-cert.gov/redirect? Bytes