Vulnerability CVE-2015-1010


Published: 2015-05-31

Description:
Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Rockwellautomation -> Rsview32 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-15-132-02
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/700915

Copyright 2024, cxsecurity.com

 

Back to Top