Skip to main content

Etg3000 Factorycast Hmi Gateway Firmware CVE-2014-9197

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2015-01-27 ics-cert@hq.dhs.gov
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Jan 27, 2015 - 19:59 cve.org
CRITICAL 10.0

DescriptionCVE.org

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

AnalysisAI

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Affected products include: Schneider-Electric Etg3000 Factorycast Hmi Gateway Firmware, Schneider-Electric Tsxetg3000, Schneider-Electric Tsxetg3010, Schneider-Electric Tsxetg3021, Schneider-Electric Tsxetg3022. Version information: before 1.60.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Require authentication for all sensitive operations, implement defense in depth.

Share

CVE-2014-9197 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy