Cleartext Storage of OPC User Credentials in Schneider Electric InduSoft Web Studio and InTouch Machine Edition

Cleartext Storage of OPC User Credentials in Schneider Electric InduSoft Web Studio and InTouch Machine Edition

CVE-2015-0999 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

Learn more about our Web App Pen Testing.