{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ETG3000 FactoryCast HMI Gateway", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "TSXETG3000"}, {"status": "affected", "version": "TSXETG3010"}, {"status": "affected", "version": "TSXETG3021"}, {"status": "affected", "version": "TSXETG3022"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Narendra Shinde of Qualys Security"}], "datePublic": "2015-01-20T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\nThe Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.\n\n</p>"}], "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-05T21:19:01.472Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric has produced an updated firmware, labelled V1.60 \nIR 04. This firmware release moves the jar files directory in a secure \narea. The new firmware also includes the ability to disable the FTP \nserver. This updated firmware can be downloaded at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true&amp;reference=ETG30xxV160-IR04\">http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe...</a></p>\n\n<br>"}], "value": "Schneider Electric has produced an updated firmware, labelled V1.60 \nIR 04. This firmware release moves the jar files directory in a secure \narea. The new firmware also includes the ability to disable the FTP \nserver. This updated firmware can be downloaded at:\n\n\n http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe... http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/"}], "source": {"advisory": "ICSA-15-020-02", "discovery": "EXTERNAL"}, "title": "Schneider Electric ETG3000 FactoryCast HMI Gateway Missing Authentication for Critical Function", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric recommends the FTP server be deactivated when not \nneeded. The firmware update does not remove the hard-coded credentials.</p>\n<p>Narendra Shinde also found that configuration files were accessible \nusing default credentials. Schneider Electric recommends users change \nthe default login credentials. This will protect configuration files \nfrom unauthorized access.</p>\n\n<br>"}], "value": "Schneider Electric recommends the FTP server be deactivated when not \nneeded. The firmware update does not remove the hard-coded credentials.\n\n\nNarendra Shinde also found that configuration files were accessible \nusing default credentials. Schneider Electric recommends users change \nthe default login credentials. This will protect configuration files \nfrom unauthorized access."}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.525Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9197", "datePublished": "2015-01-27T11:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-09-05T21:19:01.472Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:1.60.2:*:*:*:*:*:*:*", "matchCriteriaId": "88278ADF-FD66-4110-80F2-059D98B5D740", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxetg3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D2618A-486E-4055-BAFD-81F82C6B3D2A", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3010:-:*:*:*:*:*:*:*", "matchCriteriaId": "55B765EF-1FA4-4994-AE8C-E11BF4F9B95E", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3021:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB5F2A27-898A-4F8F-BAD5-FA64370A6B98", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3022:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D483984-53F3-4972-9F6D-9446C06891D5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}, {"lang": "es", "value": "Schneider Electric ETG3000 FactoryCast HMI Gateway con firmware anterior a 1.60 IR 04 almacena rde.jar bajo el root web sin suficiente control de acceso, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de la instalaci\u00f3n y la configuraci\u00f3n a trav\u00e9s de una solicitud directa."}], "id": "CVE-2014-9197", "lastModified": "2025-09-05T22:15:33.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-27T19:59:00.040", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}