Description
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
References (2)
Core 2
Core References
Patch, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02
Scores
EPSS
0.0027
EPSS Percentile
50.5%
Details
CWE
CWE-284
CWE-306
Status
published
Products (9)
Schneider Electric/ETG3000 FactoryCast HMI Gateway
TSXETG3000
Schneider Electric/ETG3000 FactoryCast HMI Gateway
TSXETG3010
Schneider Electric/ETG3000 FactoryCast HMI Gateway
TSXETG3021
Schneider Electric/ETG3000 FactoryCast HMI Gateway
TSXETG3022
schneider-electric/etg3000_factorycast_hmi_gateway_firmware
1.60.2
schneider-electric/tsxetg3000
schneider-electric/tsxetg3010
schneider-electric/tsxetg3021
schneider-electric/tsxetg3022
Published
Jan 27, 2015
Tracked Since
Feb 18, 2026