Vulnerabilities > CVE-2017-5155 - Insecure Default Initialization of Resource vulnerability in Schneider-Electric Wonderware Historian 2014R2Sp1P01
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/
- http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/
- http://www.securityfocus.com/bid/95766
- http://www.securityfocus.com/bid/95766
- http://www.securitytracker.com/id/1037808
- http://www.securitytracker.com/id/1037808
- https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01
- https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01