CVE-2015-3962

Schneider Electric StruxureWare Building Expert MPM <2.15 - Info Di...

Title source: llm

Description

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network.

References (2)

[Broken Link, Vendor Advisory] http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01

Scores

EPSS 0.0026

EPSS Percentile 49.6%

Classification

CWE

CWE-522

Status draft

Affected Products (1)

schneider-electric/struxureware_building_expert_multi-purpose_management < 2.15

Timeline

Published Sep 18, 2015

Tracked Since Feb 18, 2026