CVE-2014-9197

Published: Jan 27, 2015Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

Affected (5)

Products: Schneider Electric: Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010, Tsxetg3021, Tsxetg3022

Schneider Electric

5 products

Etg3000 Factorycast Hmi Gateway Firmware

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Etg3000 Factorycast Hmi Gateway Firmware	Version 1.60.2
Schneider Electric Tsxetg3000	All versions
Schneider Electric Tsxetg3010	All versions
Schneider Electric Tsxetg3021	All versions
Schneider Electric Tsxetg3022	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

Timeline

No history available yet.