Vulnerabilities > CVE-2017-5178 - Insecure Default Initialization of Resource vulnerability in Schneider-Electric products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

schneider-electric

CWE-1188

critical

NVD

Published: 2017-03-08

Updated: 2021-06-04

Summary

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Tableau Server 7.0 Schneider Electric Tableau Server 10.1.3 Schneider Electric Tableau Desktop 10.1.3 Schneider Electric Tableau Desktop 7.0 Schneider Electric Wonderware Intelligence 2014	5

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References