CVE-2015-0998
Schneider Electric InduSoft Web Studio <7.1.3.4 - Info Disclosure
Title source: llmDescription
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01
Patch, Vendor Advisory x_refsource_confirm
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02
Scores
EPSS
0.0023
EPSS Percentile
45.3%
Details
CWE
CWE-200
Status
published
Products (2)
aveva/aveva_edge
< 7.1.3.4
schneider-electric/wonderware_intouch_2014
< 7.1.3.4
Published
Mar 29, 2015
Tracked Since
Feb 18, 2026