cvelistv5 - cve-2015-0996

cve-2015-0996

Vulnerability from cvelistv5

Published

2015-03-29 10:00

Modified

2024-08-06 04:26

Severity ?

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01	Patch, Vendor Advisory
ics-cert@hq.dhs.gov	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02	Patch, Vendor Advisory
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:26:11.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-29T02:57:00",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2015-0996",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
            },
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2015-0996",
    "datePublished": "2015-03-29T10:00:00",
    "dateReserved": "2015-01-10T00:00:00",
    "dateUpdated": "2024-08-06T04:26:11.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0996\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2015-03-29T10:59:05.383\",\"lastModified\":\"2024-11-21T02:24:06.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.\"},{\"lang\":\"es\",\"value\":\"Schneider Electric InduSoft Web Studio anterior a 7.1.3.4 SP3 Patch 4 e InTouch Machine Edition 2014 anterior a 7.1.3.4 SP3 Patch 4 dependen de una contrase\u00f1a de texto claro embebida para controlar el acceso de lectura a los ficheros de proyectos y de la configuraci\u00f3n de proyectos, lo que facilita a usuarios locales obtener informaci\u00f3n sensible mediante el descubrimiento de esta contrase\u00f1a.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1.3.4\",\"matchCriteriaId\":\"9320F153-84EC-4722-AD6D-D24963D152CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:wonderware_intouch_2014:*:*:*:*:machine:*:*:*\",\"versionEndExcluding\":\"7.1.3.4\",\"matchCriteriaId\":\"26601A30-9851-42EF-BEF7-2C50D7AE920F\"}]}]}],\"references\":[{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

fkie_cve-2015-0996

Vulnerability from fkie_nvd

Published

2015-03-29 10:59

Modified

2024-11-21 02:24

Severity ?

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01	Patch, Vendor Advisory
ics-cert@hq.dhs.gov	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02	Patch, Vendor Advisory
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	aveva	aveva_edge	*
	schneider-electric	wonderware_intouch_2014	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9320F153-84EC-4722-AD6D-D24963D152CD",
              "versionEndExcluding": "7.1.3.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:wonderware_intouch_2014:*:*:*:*:machine:*:*:*",
              "matchCriteriaId": "26601A30-9851-42EF-BEF7-2C50D7AE920F",
              "versionEndExcluding": "7.1.3.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password."
    },
    {
      "lang": "es",
      "value": "Schneider Electric InduSoft Web Studio anterior a 7.1.3.4 SP3 Patch 4 e InTouch Machine Edition 2014 anterior a 7.1.3.4 SP3 Patch 4 dependen de una contrase\u00f1a de texto claro embebida para controlar el acceso de lectura a los ficheros de proyectos y de la configuraci\u00f3n de proyectos, lo que facilita a usuarios locales obtener informaci\u00f3n sensible mediante el descubrimiento de esta contrase\u00f1a."
    }
  ],
  "id": "CVE-2015-0996",
  "lastModified": "2024-11-21T02:24:06.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-29T10:59:05.383",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2015-0996

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2015-0996

Aliases

CVE-2015-0996

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0996",
    "description": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.",
    "id": "GSD-2015-0996"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0996"
      ],
      "details": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.",
      "id": "GSD-2015-0996",
      "modified": "2023-12-13T01:19:58.385915Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2015-0996",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01",
            "refsource": "CONFIRM",
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
          },
          {
            "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02",
            "refsource": "CONFIRM",
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.3.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_intouch_2014:*:*:*:*:machine:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.3.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2015-0996"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
            },
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
            },
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-05-14T15:24Z",
      "publishedDate": "2015-03-29T10:59Z"
    }
  }
}

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric, France. Read access. A local attacker could exploit this vulnerability to obtain sensitive information by discovering passwords. Schneider Electric Products are prone to multiple local information-disclosure vulnerabilities. This may aid in further attacks. This product provides HMI clients with read, write tag and event monitoring capabilities

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0061",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wonderware intouch 2014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "schneider electric",
        "version": "7.1"
      },
      {
        "model": "indusoft web studio",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "schneider electric",
        "version": "7.1"
      },
      {
        "model": "edge",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "7.1.3.4"
      },
      {
        "model": "wonderware intouch 2014",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "7.1.3.4"
      },
      {
        "model": "indusoft web studio",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "7.1.3.4 sp3 patch 4"
      },
      {
        "model": "intouch machine edition 2014",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "7.1.3.4 sp3 patch 4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "indusoft web studio",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "wonderware intouch 2014",
        "version": "*"
      },
      {
        "model": "electric indusoft web studio sp3 patch",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "7.1.3.44"
      },
      {
        "model": "electric intouch machine edition sp3 patch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2014(\u003c7.1.3.44)"
      },
      {
        "model": "intouch machine edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "20147.1.3.2"
      },
      {
        "model": "indusoft web studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "7.1.3.2"
      },
      {
        "model": "indusoft web studio sp patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "7.1.3.434"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "BID",
        "id": "73387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:indusoft_web_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:wonderware_intouch_2014",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies.",
    "sources": [
      {
        "db": "BID",
        "id": "73387"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0996",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-0996",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2015-02059",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "7d7f00b1-463f-11e9-9603-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "9a491a14-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "9ca039b4-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-78942",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-0996",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-0996",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-02059",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-615",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "7d7f00b1-463f-11e9-9603-000c29342cb1",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "9a491a14-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "9ca039b4-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78942",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0996",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0996"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric, France. Read access. A local attacker could exploit this vulnerability to obtain sensitive information by discovering passwords. Schneider Electric Products are prone to multiple local information-disclosure vulnerabilities. This may aid in further attacks. This product provides HMI clients with read, write tag and event monitoring capabilities",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0996"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "BID",
        "id": "73387"
      },
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0996"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0996",
        "trust": 4.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-085-01",
        "trust": 2.9
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2015-054-02",
        "trust": 2.4
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2015-054-01",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "73387",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "7D7F00B1-463F-11E9-9603-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "9A491A14-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "9CA039B4-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-78942",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-085-01A",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0996",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0996"
      },
      {
        "db": "BID",
        "id": "73387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "id": "VAR-201503-0061",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78942"
      }
    ],
    "trust": 2.0657392
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:01:52.696000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "InTouch Machine Edition 2014 Vulnerabilities",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
      },
      {
        "title": "InduSoft Web Studi Vulnerabilities",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
      },
      {
        "title": "Patch for Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02059)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/56785"
      },
      {
        "title": "IWS71.3.4",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54647"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-085-01"
      },
      {
        "trust": 2.4,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-054-02"
      },
      {
        "trust": 1.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-054-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0996"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0996"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38083"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-085-01a"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0996"
      },
      {
        "db": "BID",
        "id": "73387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0996"
      },
      {
        "db": "BID",
        "id": "73387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-31T00:00:00",
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "date": "2015-03-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "date": "2015-03-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0996"
      },
      {
        "date": "2015-03-26T00:00:00",
        "db": "BID",
        "id": "73387"
      },
      {
        "date": "2015-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "date": "2015-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      },
      {
        "date": "2015-03-29T10:59:05.383000",
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02059"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78942"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0996"
      },
      {
        "date": "2015-03-26T00:00:00",
        "db": "BID",
        "id": "73387"
      },
      {
        "date": "2015-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      },
      {
        "date": "2021-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      },
      {
        "date": "2024-11-21T02:24:06.317000",
        "db": "NVD",
        "id": "CVE-2015-0996"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-615"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric InduSoft Web Studio and  InTouch Machine Edition 2014 Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001993"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Information leakage",
    "sources": [
      {
        "db": "IVD",
        "id": "7d7f00b1-463f-11e9-9603-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "9a491a14-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "9ca039b4-2351-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 0.6
  }
}

ghsa-2jjq-x889-r334

Vulnerability from github

Published

2022-05-13 01:10

Modified

2022-05-13 01:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-03-29T10:59:00Z",
    "severity": "LOW"
  },
  "details": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.",
  "id": "GHSA-2jjq-x889-r334",
  "modified": "2022-05-13T01:10:05Z",
  "published": "2022-05-13T01:10:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0996"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
    },
    {
      "type": "WEB",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
    },
    {
      "type": "WEB",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-0996

Vulnerability from cvelistv5

fkie_cve-2015-0996

Vulnerability from fkie_nvd

gsd-2015-0996

Vulnerability from gsd

var-201503-0061

Vulnerability from variot

ghsa-2jjq-x889-r334

Vulnerability from github

Tags

Sightings

Nomenclature