← Back to home
ICSA-15-211-01  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability

CVSS 1.7 LOW

CVEs (1)

Remediations

  • Schneider Electric has two divisions supporting this product under separate organizations
  • Patch availability and technical information are available at these separate divisional support units
  • Schneider Electric has issued separate security notices for each specific division/product support center
  • SEVD-2015-100-01 - InduSoft Web Studio
  • Schneider Electric has released patches, available for download, to remediate the noted vulnerabilities
  • The patch for InduSoft Web Studio, Version 7.1.3.5, Patch 5, is available for download using this URL: (http://www.indusoft.com/dev/INDUSOFT/Release/IWS71.3.5/IWS71.3.5.zip)
  • Additional information on vulnerabilities in Schneider Electric’s products may be found at its cybersecurity web page at: (http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page)

Affected Vendors

Schneider Electric

Affected Products (2)

Schneider Electric · InduSoft Web Studio <=7.1.3.4
Schneider Electric · InTouch Machine Edition 2014 <=7.1_Service_Pack_3_Patch_4

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more