Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric wonderware indusoft web studio vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-13997
A Missing Authentication for Critical Function issue exists in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the ...
Schneider-electric Wonderware Intouch
Schneider-electric Wonderware Indusoft Web Studio
9.8
CVSSv3
CVE-2017-14024
A Stack-based Buffer Overflow issue exists in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote cod...
Schneider-electric Wonderware Intouch
Schneider-electric Wonderware Indusoft Web Studio
7.8
CVSSv3
CVE-2017-7968
An Incorrect Default Permissions issue exists in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manip...
Schneider-electric Wonderware Indusoft Web Studio
NA
CVE-2015-1009
Schneider Electric InduSoft Web Studio prior to 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition up to and including 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
Indusoft Web Studio
Wonderware Intouch
NA
CVE-2015-0998
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote malicious users to obtain sensitive information by sniffing the network.
Schneider-electric Wonderware Intouch 2014
Aveva Aveva Edge
NA
CVE-2015-0999
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
Schneider-electric Wonderware Intouch 2014
Aveva Aveva Edge
NA
CVE-2015-0997
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote malicious users to obtain access via a brute-force pass...
Schneider-electric Wonderware Intouch 2014
Aveva Aveva Edge
NA
CVE-2015-0996
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users ...
Schneider-electric Wonderware Intouch 2014
Aveva Aveva Edge
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started