VYPR

Wonderware Indusoft Web Studio

by Schneider Electric

CVEs (13)

  • CVE-2018-8840CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.08

    A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

  • CVE-2017-14024CriNov 13, 2017
    risk 0.64cvss 9.8epss 0.06

    A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow…

  • CVE-2017-13997CriOct 3, 2017
    risk 0.64cvss 9.8epss 0.05

    A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server…

  • CVE-2017-7968HigMay 19, 2017
    risk 0.51cvss 7.8epss 0.00

    An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be…

  • CVE-2019-6543Feb 13, 2019
    risk 0.06cvss epss 0.17

    AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.

  • CVE-2019-6545Feb 13, 2019
    risk 0.04cvss epss 0.14

    AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary…

  • CVE-2015-7375Sep 25, 2015
    risk 0.00cvss epss 0.02

    Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file.

  • CVE-2015-7374Sep 25, 2015
    risk 0.00cvss epss 0.03

    The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649.

  • CVE-2015-1009Aug 1, 2015
    risk 0.00cvss epss 0.00

    Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

  • CVE-2015-0999Mar 29, 2015
    risk 0.00cvss epss 0.00

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2015-0998Mar 29, 2015
    risk 0.00cvss epss 0.01

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2015-0997Mar 29, 2015
    risk 0.00cvss epss 0.02

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force…

  • CVE-2015-0996Mar 29, 2015
    risk 0.00cvss epss 0.00

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to…