CVE-2014-9197

Schneider Electric ETG3000 - Info Disclosure

Title source: llm

Description

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02

[Patch, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Scores

EPSS 0.0027

EPSS Percentile 50.1%

Classification

CWE

CWE-284 CWE-306

Status draft

Affected Products (5)

schneider-electric/etg3000_factorycast_hmi_gateway_firmware

schneider-electric/tsxetg3000

schneider-electric/tsxetg3010

schneider-electric/tsxetg3021

schneider-electric/tsxetg3022

Timeline

Published Jan 27, 2015

Tracked Since Feb 18, 2026