CVE-2015-1009
Schneider Electric InduSoft Web Studio <7.1.3.5 - Info Disclosure
Title source: llmDescription
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
Various Sources x_refsource_misc
https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
Vendor Advisory x_refsource_confirm
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
Scores
EPSS
0.0032
EPSS Percentile
23.4%
Details
CWE
CWE-200
Status
published
Products (2)
indusoft/web_studio
< 7.1.3.5
wonderware/intouch
< 7.1
Published
Aug 01, 2015
Tracked Since
Feb 18, 2026