Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-1009

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-01 Aug, 2015 | 01:00
Updated At-06 Aug, 2024 | 04:26
Rejected At-
Credits

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:01 Aug, 2015 | 01:00
Updated At:06 Aug, 2024 | 04:26
Rejected At:
▼CVE Numbering Authority (CNA)

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
x_refsource_MISC
https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
x_refsource_MISC
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
x_refsource_CONFIRM
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
Resource:
x_refsource_MISC
Hyperlink: https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
Resource:
x_refsource_MISC
Hyperlink: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
x_refsource_MISC
x_transferred
https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
x_refsource_MISC
x_transferred
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
x_refsource_CONFIRM
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:01 Aug, 2015 | 01:59
Updated At:12 Apr, 2025 | 10:46

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.01.7LOW
AV:L/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 1.7
Base severity: LOW
Vector:
AV:L/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
indusoft
indusoft
>>web_studio>>Versions up to 7.1.3.5(inclusive)
cpe:2.3:a:indusoft:web_studio:*:*:*:*:*:*:*:*
wonderware
wonderware
>>intouch>>Versions up to 7.1(inclusive)
cpe:2.3:a:wonderware:intouch:*:sp3:*:*:machine:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01ics-cert@hq.dhs.gov
Vendor Advisory
https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdfics-cert@hq.dhs.gov
N/A
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
Source: ics-cert@hq.dhs.gov
Resource:
Vendor Advisory
Hyperlink: https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2017-7995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.10% / 28.13%
||
7 Day CHG~0.00%
Published-03 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

Action-Not Available
Vendor-n/aXen ProjectNovellSUSE
Product-xensuse_linux_enterprise_serveropenstack_cloudsuse_linux_enterprise_point_of_salemanager_proxymanagern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0982
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-1.7||LOW
EPSS-0.05% / 13.77%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1820
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-1.7||LOW
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-21 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_directory_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-0996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-1.7||LOW
EPSS-0.06% / 18.53%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-255
Not Available
CVE-2016-5848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 34.30%
||
7 Day CHG~0.00%
Published-04 Jul, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

Action-Not Available
Vendor-n/aSiemens AG
Product-sicam_pas\/pqsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-3158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.04% / 12.18%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Action-Not Available
Vendor-n/aXen ProjectFedora ProjectOracle Corporation
Product-fedoravm_serverxenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2016-3159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.04% / 12.54%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Action-Not Available
Vendor-n/aXen ProjectFedora ProjectDebian GNU/LinuxOracle Corporation
Product-debian_linuxfedoravm_serverxenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2025-1115
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 0.60%
||
7 Day CHG~0.00%
Published-08 Feb, 2025 | 10:00
Updated-16 Feb, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RT-Thread lwp_syscall.c sys_timer_settime information disclosure

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_timer_start/sys_rt_timer_stop/sys_sem_delete/sys_sem_release/sys_sem_take/sys_shmat/sys_shmdt/sys_thread_create/sys_thread_delete/sys_thread_startup/sys_timer_delete/sys_timer_gettime/sys_timer_settime of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally.

Action-Not Available
Vendor-n/a
Product-RT-Thread
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
Details not found