CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9197

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1810%
EPSS Percentile43.10th
PublishedJan 27, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

Affected Platforms (CPE)

πŸ’»
Schneider Electric

Etg3000 Factorycast Hmi Gateway Firmware

= 1.60.2
πŸ”Œ
Schneider Electric

Tsxetg3000

All versions
πŸ”Œ
Schneider Electric

Tsxetg3010

All versions
πŸ”Œ
Schneider Electric

Tsxetg3021

All versions
πŸ”Œ
Schneider Electric

Tsxetg3022

All versions

References & Advisories

πŸ”— https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Related Vulnerabilities

CVE-2014-919810.0

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credential...

CVE-2014-052310.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-049810.0

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Ma...

CVE-2014-052410.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...