CVE-2014-9197 - Vulnerability Details - OpenCVE

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00292.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Etg3000 Factorycast Hmi Gateway Firmware Tsxetg3000 Tsxetg3010 Tsxetg3021 Tsxetg3022

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:1.60.2:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:tsxetg3000:-:::::::*
	cpe:2.3:h:schneider-electric:tsxetg3010:-:::::::*
	cpe:2.3:h:schneider-electric:tsxetg3021:-:::::::*
	cpe:2.3:h:schneider-electric:tsxetg3022:-:::::::*

No data.

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02
https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02

History

Fri, 05 Sep 2025 21:30:00 +0000

Type	Values Removed	Values Added
Title		Schneider Electric ETG3000 FactoryCast HMI Gateway Missing Authentication for Critical Function
Weaknesses		CWE-306
References		https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02
Metrics	cvssV2_0 `{'score': 7.8, 'vector': 'AV:N/AC:L/Au:N/C:C/I:N/A:N'}`	cvssV2_0 `{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2015-01-27T11:00:00

Updated: 2025-09-05T21:19:01.472Z

Reserved: 2014-12-02T00:00:00

Link: CVE-2014-9197

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-01-27T19:59:00.040

Modified: 2025-09-05T22:15:33.210

Link: CVE-2014-9197

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ETG3000 FactoryCast HMI Gateway", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "TSXETG3000"}, {"status": "affected", "version": "TSXETG3010"}, {"status": "affected", "version": "TSXETG3021"}, {"status": "affected", "version": "TSXETG3022"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Narendra Shinde of Qualys Security"}], "datePublic": "2015-01-20T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\nThe Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.\n\n</p>"}], "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-05T21:19:01.472Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric has produced an updated firmware, labelled V1.60 \nIR 04. This firmware release moves the jar files directory in a secure \narea. The new firmware also includes the ability to disable the FTP \nserver. This updated firmware can be downloaded at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true&reference=ETG30xxV160-IR04\">http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe...</a></p>\n\n<br>"}], "value": "Schneider Electric has produced an updated firmware, labelled V1.60 \nIR 04. This firmware release moves the jar files directory in a secure \narea. The new firmware also includes the ability to disable the FTP \nserver. This updated firmware can be downloaded at:\n\n\n http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe... http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/"}], "source": {"advisory": "ICSA-15-020-02", "discovery": "EXTERNAL"}, "title": "Schneider Electric ETG3000 FactoryCast HMI Gateway Missing Authentication for Critical Function", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric recommends the FTP server be deactivated when not \nneeded. The firmware update does not remove the hard-coded credentials.</p>\n<p>Narendra Shinde also found that configuration files were accessible \nusing default credentials. Schneider Electric recommends users change \nthe default login credentials. This will protect configuration files \nfrom unauthorized access.</p>\n\n<br>"}], "value": "Schneider Electric recommends the FTP server be deactivated when not \nneeded. The firmware update does not remove the hard-coded credentials.\n\n\nNarendra Shinde also found that configuration files were accessible \nusing default credentials. Schneider Electric recommends users change \nthe default login credentials. This will protect configuration files \nfrom unauthorized access."}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.525Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9197", "datePublished": "2015-01-27T11:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-09-05T21:19:01.472Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:1.60.2:*:*:*:*:*:*:*", "matchCriteriaId": "88278ADF-FD66-4110-80F2-059D98B5D740", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxetg3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D2618A-486E-4055-BAFD-81F82C6B3D2A", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3010:-:*:*:*:*:*:*:*", "matchCriteriaId": "55B765EF-1FA4-4994-AE8C-E11BF4F9B95E", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3021:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB5F2A27-898A-4F8F-BAD5-FA64370A6B98", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3022:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D483984-53F3-4972-9F6D-9446C06891D5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}, {"lang": "es", "value": "Schneider Electric ETG3000 FactoryCast HMI Gateway con firmware anterior a 1.60 IR 04 almacena rde.jar bajo el root web sin suficiente control de acceso, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de la instalaci\u00f3n y la configuraci\u00f3n a trav\u00e9s de una solicitud directa."}], "id": "CVE-2014-9197", "lastModified": "2025-09-05T22:15:33.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-27T19:59:00.040", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Secondary"}]}