Schneider Electric InduSoft Web Studio < 7.1.3.4 Multiple Information Disclosures (SEVD-2015-054-01)

medium Nessus Plugin ID 84263

Synopsis

The InduSoft Web Studio software running on the remote host is affected by multiple information disclosure vulnerabilities.

Description

According to its self-reported version, the installation of Schneider Electric InduSoft Web Studio running on the remote host is prior to 7.1.3.4. It is, therefore, affected by the multiple information disclosure vulnerabilities :

- A hard-coded plaintext password is used to control read access to files. A local attacker can exploit this to access sensitive information stored in project and project configuration files. (CVE-2015-0996)

- The HMI user interface presents valid usernames to the screen when connecting to the server via the HMI. A remote attacker can use this information to conduct brute-force password attacks. (CVE-2015-0997)

- User credentials are transmitted in cleartext. A man-in-the-middle attacker can exploit this, by sniffing the network, to obtain user credentials. (CVE-2015-0998)

- OPC user credentials are stored in plaintext in a configuration file. A local attacker can exploit this to obtain user credentials. (CVE-2015-0999)

Solution

Upgrade to Schneider Electric InduSoft Web Studio 7.1.3.4 or later.

See Also

http://www.nessus.org/u?f1966ea7

https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01A

Plugin Details

Severity: Medium

ID: 84263

File Name: scada_indusoft_web_studio_SEVD_2015-054-01.nbin

Version: 1.109

Type: remote

Family: SCADA

Published: 6/18/2015

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:schneider_electric:indusoft_web_studio

Required KB Items: installed_sw/InduSoft Web Studio HTTP Server

Exploit Ease: No known exploits are available

Patch Publication Date: 2/23/2015

Vulnerability Publication Date: 2/23/2015

Reference Information

CVE: CVE-2015-0996, CVE-2015-0997, CVE-2015-0998, CVE-2015-0999

BID: 73378, 73386, 73387, 73389

ICSA: 15-085-01A