CVE-2014-9197— Schneider Electric ETG3000 FactoryCast HMI Gateway Missing Authentication for Critical Function
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2014-9197
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Schneider Electric ETG3000 FactoryCast HMI Gateway Missing Authentication for Critical Function
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schneider Electric ETG3000 FactoryCast HMI Gateway 权限许可和访问控制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric ETG3000 FactoryCast HMI Gateway是法国施耐德电气(Schneider Electric)公司的一套基于Web的SCADA系统。 使用1.60 IR 04之前版本固件的Schneider Electric ETG3000 FactoryCast HMI Gateway中存在安全漏洞,该漏洞源于程序在web root目录下存储rde.jar文件时,没有执行充分的访问控制。远程攻击者可通过发送直接的请求利用该漏洞获取敏感的设置和配置信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Schneider Electric | ETG3000 FactoryCast HMI Gateway | TSXETG3000 | - |
II. Public POCs for CVE-2014-9197
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2014-9197
Please Login to view more intelligence information
- https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2014-9197
IV. Related Vulnerabilities
Same vendor: Schneider Electric
- CVE-2026-2401
Schneider Electric PowerChute Serial Shutdown 日志信息泄露漏洞 - CVE-2026-2400
Schneider Electric PowerChute Serial Shutdown 注入漏洞 - CVE-2026-2403
Schneider Electric PowerChute Serial Shutdown 安全漏洞 - CVE-2026-2405
Schneider Electric PowerChute Serial Shutdown 资源管理错误漏洞 - CVE-2026-2402
Schneider Electric PowerChute Serial Shutdown 安全漏洞
Same weakness: CWE-306
- CVE-2026-42302
FastGPT: Unauthenticated Remote Code Execution (RCE) via cod - CVE-2026-42176
Scoold: Persistent Admin Takeover by Overwriting the admins - CVE-2026-44338
PraisonAI ships and generates a legacy API server with authe - CVE-2026-6736
Authentication bypass vulnerability in GitHub Enterprise Ser - CVE-2026-7415
Open MQTT orchestration without read/write ACLs in Yarbo rob
V. Comments for CVE-2014-9197
No comments yet