Sign-up

ID

VAR-201702-1091


TITLE

Schneider Electric StruxureWare Data Center Expert Product Password Leak Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-00817

DESCRIPTION

StruxureWare Data Center Expert is a DCIM (Data Center Infrastructure Management) solution designed to monitor infrastructure including security, power and environment. Schneider Electric StruxureWare Data Center Expert product has a password disclosure vulnerability. The cause of this vulnerability is that StruxureWare data center user passwords are stored in clear text, allowing attackers to use the vulnerability to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2017-00817

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00817

AFFECTED PRODUCTS

vendor:schneidermodel:electric struxureware data center expertscope:lteversion:<=7.3.1

Trust: 0.6

sources: CNVD: CNVD-2017-00817

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-00817
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-00817
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-00817

PATCH

title:Patch for Schneider Electric StruxureWare Data Center Expert Product Password Leak Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/88521

Trust: 0.6

sources: CNVD: CNVD-2017-00817

EXTERNAL IDS

db:CNVDid:CNVD-2017-00817

Trust: 0.6

sources: CNVD: CNVD-2017-00817

REFERENCES

url:http://www.securityweek.com/schneider-data-center-monitoring-product-leaks-passwords?from=singlemessage&isappinstalled=0

Trust: 0.6

sources: CNVD: CNVD-2017-00817

SOURCES

db:CNVDid:CNVD-2017-00817

LAST UPDATE DATE

2022-05-04T09:51:38.337000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-00817date:2017-02-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-00817date:2017-02-04T00:00:00