Information disclosure in Indusoft Web_studio
CVE-2015-1009
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by rea…
Vulnerability class: Information Disclosure
EPSS: 0.001 (23.6th percentile) — read the EPSS interpretation.
Affected products
- Indusoft Web_studio
- Wonderware Intouch
- N/a — versions n/a
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
- ics-cert@hq.dhs.gov (x_refsource_MISC)
- ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Vendor Advisory)