CVE-2015-3962

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01	Broken Link Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:struxureware_building_expert_multi-purpose_management:*:*:*:*:*:*:*:*

History

02 Feb 2022, 02:07

Type	Values Removed	Values Added
CWE	CWE-200 CWE-310	CWE-522
References	~~(CONFIRM) http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01 - Vendor Advisory~~	(CONFIRM) http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01 - Broken Link, Vendor Advisory
First Time		Schneider-electric Schneider-electric struxureware Building Expert Multi-purpose Management
CPE	cpe:2.3:a:schneider_electric:struxureware_building_expert_mpm::::::::	cpe:2.3:a:schneider-electric:struxureware_building_expert_multi-purpose_management::::::::

Information

Published : 2015-09-18 22:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-3962

Mitre link : CVE-2015-3962

CVE.ORG link : CVE-2015-3962

JSON object : View

Products Affected

schneider-electric

struxureware_building_expert_multi-purpose_management

CWE

CWE-522

Insufficiently Protected Credentials

5.0 /10