Search criteria
24 vulnerabilities found for ClearSCADA by Schneider Electric
VAR-201401-0246
Vulnerability from variot - Updated: 2023-12-18 14:06DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application and cause denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of French Schneider Electric (Schneider Electric). ClearSCADA is an open software platform specially designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform in StruxureWare SCADAExpert (industrial automation and control system integration software)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0246",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2 (build 71.4165)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2.1 (build 71.4325)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "electric clearscada r2 r3.1",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010-2010"
},
{
"model": "electric scada expert clearscada r1 r1.2",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2013-2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6142"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "64813"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-6142",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00429",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-66144",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6142",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-325",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66144",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application and cause denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of French Schneider Electric (Schneider Electric). ClearSCADA is an open software platform specially designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform in StruxureWare SCADAExpert (industrial automation and control system integration software)",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-66144"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6142",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-014-01",
"trust": 3.4
},
{
"db": "BID",
"id": "64813",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-00429",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850",
"trust": 0.8
},
{
"db": "IVD",
"id": "4AD3B3E4-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-66144",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"id": "VAR-201401-0246",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
}
],
"trust": 1.7333333400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
}
]
},
"last_update_date": "2023-12-18T14:06:13.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA - SCADA software for telemetry and remote SCADA applications",
"trust": 0.8,
"url": "http://www.schneider-electric.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
},
{
"title": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42539"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-014-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6142"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6142"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-17T00:00:00",
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"date": "2014-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-66144"
},
{
"date": "2014-01-14T00:00:00",
"db": "BID",
"id": "64813"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"date": "2014-01-15T16:11:08.363000",
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-66144"
},
{
"date": "2015-03-19T08:34:00",
"db": "BID",
"id": "64813"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"date": "2018-12-31T14:23:16.730000",
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
],
"trust": 0.8
}
}
VAR-202001-1852
Vulnerability from variot - Updated: 2023-12-18 14:04A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. ClearSCADA Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Schneider Electric EcoStruxure Geo SCADA Expert (EcoStruxure Geo SCADA Expert) is a set of data acquisition and monitoring software (SCADA) from Schneider Electric (France).
The folders in Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) are vulnerable to permission permissions and access control issues. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time. Attackers can exploit this vulnerability to delete or modify database, configuration and certificate files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2017"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2017 r2"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2017 r3"
},
{
"model": "electric clearscada r3",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2017"
},
{
"model": "electric clearscada r2",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2017"
},
{
"model": "electric clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2017"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "NVD",
"id": "CVE-2019-6854"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "William Knowles(Lancaster University)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6854",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-03775",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-158289",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6854",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-03775",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-828",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158289",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "VULHUB",
"id": "VHN-158289"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "NVD",
"id": "CVE-2019-6854"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. ClearSCADA Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Schneider Electric EcoStruxure Geo SCADA Expert (EcoStruxure Geo SCADA Expert) is a set of data acquisition and monitoring software (SCADA) from Schneider Electric (France). \n\r\n\r\nThe folders in Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) are vulnerable to permission permissions and access control issues. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time. Attackers can exploit this vulnerability to delete or modify database, configuration and certificate files",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6854"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "VULHUB",
"id": "VHN-158289"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6854",
"trust": 3.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-344-05",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-138",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201912-828",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03775",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158289",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "VULHUB",
"id": "VHN-158289"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "NVD",
"id": "CVE-2019-6854"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
]
},
"id": "VAR-202001-1852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "VULHUB",
"id": "VHN-158289"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
}
]
},
"last_update_date": "2023-12-18T14:04:51.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-344-05",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05/"
},
{
"title": "Patch for Schneider Electric EcoStruxure Geo SCADA Expert Privilege Permission and Access Control Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/199157"
},
{
"title": "Schneider Electric EcoStruxure Geo SCADA Expert Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=108293"
},
{
"title": "Schneider Electric EcoStruxure Geo SCADA Expert Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105539"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158289"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "NVD",
"id": "CVE-2019-6854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6854"
},
{
"trust": 2.3,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6854"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "VULHUB",
"id": "VHN-158289"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "NVD",
"id": "CVE-2019-6854"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"db": "VULHUB",
"id": "VHN-158289"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"db": "NVD",
"id": "CVE-2019-6854"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"date": "2020-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-158289"
},
{
"date": "2020-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"date": "2020-01-06T23:15:11.033000",
"db": "NVD",
"id": "CVE-2019-6854"
},
{
"date": "2020-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03775"
},
{
"date": "2021-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-158289"
},
{
"date": "2020-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014121"
},
{
"date": "2021-11-03T19:23:36.707000",
"db": "NVD",
"id": "CVE-2019-6854"
},
{
"date": "2022-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"date": "2021-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-828"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClearSCADA Vulnerabilities in authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014121"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-138"
}
],
"trust": 0.6
}
}
VAR-201709-1079
Vulnerability from variot - Updated: 2023-12-18 13:57Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric clearscada \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2017"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2010",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"cve": "CVE-2017-9962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9962",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35027",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-118165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9962",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9962",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-35027",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118165",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9962",
"trust": 3.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-264-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2017-35027",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "37698",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DE969E-39AB-11E9-A4AE-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "7AD47499-BDFC-4EBC-ABE2-88ED69C51BAE",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118165",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"id": "VAR-201709-1079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
]
},
"last_update_date": "2023-12-18T13:57:15.786000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-264-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-264-01"
},
{
"title": "Schneider Electric ClearSCADA Memory Allocation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/106694"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2017-264-01/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9962"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9962"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37698"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2017-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2017-09-26T01:29:04.037000",
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2018-12-31T14:23:14.183000",
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"date": "2017-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Memory allocation vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 1.0
}
}
VAR-201409-0722
Vulnerability from variot - Updated: 2023-12-18 13:48Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0722",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada r3 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201072.4560)"
},
{
"model": "electric clearscada r3.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201072.4644)"
},
{
"model": "electric scada expert clearscada r1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4729)"
},
{
"model": "electric scada expert clearscada r1.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4832)"
},
{
"model": "electric scada expert clearscada r1.1a (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4903)"
},
{
"model": "electric scada expert clearscada r1.2 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4955)"
},
{
"model": "electric scada expert clearscada r2 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201374.5094)"
},
{
"model": "electric scada expert clearscada r2.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201374.5192)"
},
{
"model": "electric scada expert clearscada r1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201475.5210)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada expert clearscada",
"version": "2014"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "scada expert clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "80073"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5411",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-5411",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-06196",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-73352",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5411",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2014-06196",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-656",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-73352",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73352"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5411",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2014-06196",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "111238",
"trust": 0.6
},
{
"db": "BID",
"id": "80073",
"trust": 0.4
},
{
"db": "IVD",
"id": "770608EC-1EB9-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "DCDEEBB0-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73352",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"id": "VAR-201409-0722",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
}
],
"trust": 1.9833333400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
}
]
},
"last_update_date": "2023-12-18T13:48:57.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
},
{
"title": "Patch for Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50244"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5411"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5411"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/111238"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-23T00:00:00",
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-23T00:00:00",
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73352"
},
{
"date": "2014-09-18T00:00:00",
"db": "BID",
"id": "80073"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"date": "2014-09-18T10:55:11.640000",
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73352"
},
{
"date": "2014-09-18T00:00:00",
"db": "BID",
"id": "80073"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
],
"trust": 0.6
}
}
VAR-201409-0723
Vulnerability from variot - Updated: 2023-12-18 13:48Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CERT",
"sources": [
{
"db": "BID",
"id": "69840"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5412",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-5412",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06087",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-73353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5412",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-06087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73353",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73353"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5412",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 2.8
},
{
"db": "BID",
"id": "69840",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "DCF002D8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73353",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"id": "VAR-201409-0723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
}
]
},
"last_update_date": "2023-12-18T13:48:57.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5412"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5412"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69840"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-19T00:00:00",
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73353"
},
{
"date": "2014-09-16T00:00:00",
"db": "BID",
"id": "69840"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"date": "2014-09-18T10:55:11.687000",
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73353"
},
{
"date": "2015-03-19T08:46:00",
"db": "BID",
"id": "69840"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Remote Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
],
"trust": 0.6
}
}
VAR-201409-0724
Vulnerability from variot - Updated: 2023-12-18 13:48Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0724",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada r3-2014 r1",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "69842"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5413",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-5413",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06121",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-73354",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5413",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73354",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5413",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 2.5
},
{
"db": "BID",
"id": "69842",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284",
"trust": 0.8
},
{
"db": "IVD",
"id": "DCFE0734-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73354",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"id": "VAR-201409-0724",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
}
]
},
"last_update_date": "2023-12-18T13:48:57.686000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
},
{
"title": "Schneider Electric ClearSCADA has patches for remote unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50145"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-09-16T00:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2014-09-18T10:55:11.733000",
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-10-08T07:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
}
}
VAR-201403-0444
Vulnerability from variot - Updated: 2023-12-18 13:29The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \"PLC Driver\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0444",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "aveva",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2 (build 71.4165)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2.1 (build 71.4325)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2013"
},
{
"model": "electric clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2013"
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Brooks",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "BID",
"id": "65476"
}
],
"trust": 1.0
},
"cve": "CVE-2014-0779",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0779",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01024",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "285fdc02-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0779",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2014-0779",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01024",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-250",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \\\"PLC Driver\\\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68272"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0779",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-072-01",
"trust": 2.5
},
{
"db": "BID",
"id": "65476",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01024",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1876",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-059",
"trust": 0.7
},
{
"db": "IVD",
"id": "285FDC02-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68272",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"id": "VAR-201403-0444",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
}
]
},
"last_update_date": "2023-12-18T13:29:46.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD 2014-024-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0779"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0779"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/65476"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"date": "2014-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-68272"
},
{
"date": "2014-01-24T00:00:00",
"db": "BID",
"id": "65476"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"date": "2014-03-14T10:55:05.803000",
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-68272"
},
{
"date": "2015-03-19T09:33:00",
"db": "BID",
"id": "65476"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA of Kepware KepServerEX 4 Component ServerMain.exe Inside PLC Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
],
"trust": 0.8
}
}
VAR-202302-1810
Vulnerability from variot - Updated: 2023-12-18 13:26A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)
. Schneider Electric of ClearSCADA and EcoStruxure Geo SCADA Expert 2019 contains a vulnerability related to improper logging disablement.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1810",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7641.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8267.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8015.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7545.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7690.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7488.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7322.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7936.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8120.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7522.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8172.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7429.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8269.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7875.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7777.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7742.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7809.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8197.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8108.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8122.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8218.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8158.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7936.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7457.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8197.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7551.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8108.1"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8122.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8220.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7787.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7692.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7641.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7980.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8108.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7742.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8221.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7808.2"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7896.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7578.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7613.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7980.2"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7717.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8267.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8027.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8182.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8017.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7875.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7840.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8155.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7840.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7714.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8181.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8197.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7268.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7913.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7613.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8155.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8108.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8120.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8158.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8182.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8197.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8218.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8269.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8027.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7268.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7322.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7429.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7457.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7488.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7522.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7545.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7578.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7613.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7641.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7690.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7714.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7742.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7777.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7808.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7840.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7875.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7896.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7936.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7980.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8015.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8108.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8122.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8155.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8172.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8197.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8220.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8267.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7551.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7578.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7613.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7641.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7692.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7717.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7742.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7787.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7809.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7840.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7875.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7913.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7936.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7980.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8017.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8108.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8122.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8155.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8181.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8197.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8221.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8267.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"cve": "CVE-2023-0595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-0595",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-0595",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2023-0595",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1985",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\n\n. Schneider Electric of ClearSCADA and EcoStruxure Geo SCADA Expert 2019 contains a vulnerability related to improper logging disablement.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-0595",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2023-045-01",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-453650",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-0595",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"id": "VAR-202302-1810",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
}
],
"trust": 0.7287037
},
"last_update_date": "2023-12-18T13:26:44.988000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EcoStruxure Geo SCADA Expert Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=227643"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-117",
"trust": 1.1
},
{
"problemtype": "Disabling inappropriate logging (CWE-117) [ others ]",
"trust": 0.8
},
{
"problemtype": "CWE-116",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-045-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-045-01.pdf"
},
{
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2023-045-01/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0595"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-0595/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/117.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-453650"
},
{
"date": "2023-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"date": "2023-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"date": "2023-02-24T11:15:10.643000",
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"date": "2023-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-453650"
},
{
"date": "2023-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"date": "2023-10-31T02:03:00",
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"date": "2023-04-18T21:15:07.723000",
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider\u00a0Electric\u00a0 of \u00a0ClearSCADA\u00a0 and \u00a0EcoStruxure\u00a0Geo\u00a0SCADA\u00a0Expert\u00a02019\u00a0 Vulnerability related to improper log output disabling in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
],
"trust": 0.6
}
}
VAR-201805-0210
Vulnerability from variot - Updated: 2023-12-18 13:13In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2015"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1.1 (build 75.5387)"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2015 r1 (build 76.5648)"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2015 r2 (build 77.5882)"
},
{
"model": "electric clearscada",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2014"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2015"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201072.4560"
},
{
"model": "clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201071.4325"
},
{
"model": "clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201071.4165"
},
{
"model": "clearscada r3.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201577.58"
},
{
"model": "clearscada r1 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201576.56"
},
{
"model": "clearscada r1.1 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201475."
},
{
"model": "clearscada r1 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201475.52"
},
{
"model": "clearscada r1.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r1.1a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2 hotfix build",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2015"
},
{
"model": "clearscada r1.1 sp (build",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2015"
},
{
"model": "clearscada r1.1 hotfix bui",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2014:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2010",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2015:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2010",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2015:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6021"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov and Vladimir Dashchenko of Kapersky Lab??s Critical Infrastructure Defense Team",
"sources": [
{
"db": "BID",
"id": "96768"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6021",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03833",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "02487795-6c68-4ccc-a502-44cc37dedf09",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114224",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6021",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6021",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-03833",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-591",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114224",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause denial-of-service condition. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "VULHUB",
"id": "VHN-114224"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6021",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-068-01",
"trust": 2.8
},
{
"db": "BID",
"id": "96768",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-03833",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "36057",
"trust": 0.6
},
{
"db": "IVD",
"id": "02487795-6C68-4CCC-A502-44CC37DEDF09",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114224",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"id": "VAR-201805-0210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
}
],
"trust": 1.7055555666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
}
]
},
"last_update_date": "2023-12-18T13:13:54.162000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-060-01",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_name=sevd-2017-060-01+scada+expert+clearscada.pdf\u0026p_doc_ref=sevd-2017-060-01"
},
{
"title": "Schneider Electric ClearSCADA Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91450"
},
{
"title": "Schneider Electric ClearSCADA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99646"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-068-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96768"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6021"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6021"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36057"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-114224"
},
{
"date": "2017-03-09T00:00:00",
"db": "BID",
"id": "96768"
},
{
"date": "2018-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"date": "2018-05-14T14:29:00.193000",
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114224"
},
{
"date": "2017-03-16T00:02:00",
"db": "BID",
"id": "96768"
},
{
"date": "2018-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"date": "2019-10-09T23:28:34.323000",
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
],
"trust": 0.8
}
}
VAR-202105-0419
Vulnerability from variot - Updated: 2023-12-18 12:49Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes. Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) is a set of data acquisition and monitoring software (SCADA) of French Schneider Electric (Schneider Electric)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0419",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7742.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "83.7742.1 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "83.7742.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"cve": "CVE-2021-22741",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-22741",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-381215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22741",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22741",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1735",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-381215",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that \u201c.sde\u201d configuration export files do not contain user account password hashes. Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) is a set of data acquisition and monitoring software (SCADA) of French Schneider Electric (Schneider Electric)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "VULHUB",
"id": "VHN-381215"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22741",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2021-130-07",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-381215",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"id": "VAR-202105-0419",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
}
],
"trust": 0.7287037
},
"last_update_date": "2023-12-18T12:49:12.733000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2021-130-07",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-07"
},
{
"title": "Schneider Electric EcoStruxure Geo SCADA Expert Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152844"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-916",
"trust": 1.1
},
{
"problemtype": "Using weak password hashes (CWE-916) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-07"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22741\u00a5"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-381215"
},
{
"date": "2022-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"date": "2021-05-26T20:15:09.253000",
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-381215"
},
{
"date": "2022-02-10T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"date": "2021-06-07T17:10:01.570000",
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability in the use of inadequately strong password hashes in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
],
"trust": 0.6
}
}
VAR-202202-0238
Vulnerability from variot - Updated: 2023-12-18 12:15A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0238",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"cve": "CVE-2022-24319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414000",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24319",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-918",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-414000",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"db": "VULHUB",
"id": "VHN-414000"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24319",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414000",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"id": "VAR-202202-0238",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
}
],
"trust": 0.7287037
},
"last_update_date": "2023-12-18T12:15:57.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EcoStruxure Geo SCADA Expert Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=182226"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0018/mndt-2022-0018.md"
},
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24319"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-414000"
},
{
"date": "2022-02-09T23:15:20.087000",
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-414000"
},
{
"date": "2022-04-22T16:01:12.913000",
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EcoStruxure Geo SCADA Expert Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
],
"trust": 0.6
}
}
VAR-202202-0241
Vulnerability from variot - Updated: 2023-12-18 12:15A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"cve": "CVE-2022-24320",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-24320",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414001",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24320",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24320",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-919",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-414001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "VULHUB",
"id": "VHN-414001"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24320",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414001",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"id": "VAR-202202-0241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
}
],
"trust": 0.7287037
},
"last_update_date": "2023-12-18T12:15:57.642000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2022-039-05",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"title": "EcoStruxure Geo SCADA Expert Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=182227"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0019/mndt-2022-0019.md"
},
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24320"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-414001"
},
{
"date": "2023-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"date": "2022-02-09T23:15:20.133000",
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-414001"
},
{
"date": "2023-05-19T06:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"date": "2022-04-22T16:01:03.597000",
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability related to certificate validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
],
"trust": 0.6
}
}
VAR-202202-0239
Vulnerability from variot - Updated: 2023-12-18 12:15A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0239",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"cve": "CVE-2022-24321",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-24321",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-414002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-24321",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24321",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-921",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414002",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "VULHUB",
"id": "VHN-414002"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24321",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414002",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"id": "VAR-202202-0239",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
}
],
"trust": 0.7287037
},
"last_update_date": "2023-12-18T12:15:57.577000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2022-039-05",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"title": "EcoStruxure Geo SCADA Expert Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=182516"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.1
},
{
"problemtype": "Improper checking in exceptional conditions (CWE-754) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24321"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-414002"
},
{
"date": "2023-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"date": "2022-02-09T23:15:20.180000",
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-414002"
},
{
"date": "2023-05-19T06:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"date": "2022-02-16T19:43:44.470000",
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"date": "2022-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Product Exceptional State Check Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
],
"trust": 0.6
}
}
VAR-202202-0240
Vulnerability from variot - Updated: 2023-12-18 12:15A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"cve": "CVE-2022-24318",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-24318",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-413999",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24318",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24318",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-920",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413999",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "VULHUB",
"id": "VHN-413999"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24318",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-413999",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"id": "VAR-202202-0240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
}
],
"trust": 0.7287037
},
"last_update_date": "2023-12-18T12:15:57.601000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2022-039-05",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"title": "EcoStruxure Geo SCADA Expert Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=182725"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24318"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-413999"
},
{
"date": "2023-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"date": "2022-02-09T23:15:20.037000",
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-413999"
},
{
"date": "2023-05-26T09:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"date": "2022-02-17T04:08:06.347000",
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability related to encryption strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
],
"trust": 0.6
}
}
CVE-2023-0595 (GCVE-0-2023-0595)
Vulnerability from cvelistv5 – Published: 2023-02-24 00:00 – Updated: 2025-02-05 20:06
VLAI?
Summary
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)
Severity ?
5.3 (Medium)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | EcoStruxure Geo SCADA Expert 2019 |
Affected:
All , ≤ October 2022
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:54:54.186453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:06:14.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2019",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2020",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2021",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ClearSCADA ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\u003c/p\u003e"
}
],
"value": "A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:15:26.476Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-0595",
"datePublished": "2023-02-24T00:00:00.000Z",
"dateReserved": "2023-01-31T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:06:14.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5412 (GCVE-0-2014-5412)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:56
VLAI?
Title
Schneider Electric SCADA Expert ClearSCADA Improper Authentication
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644) Unaffected: 2010 R3.2 |
|||||||
|
|||||||||
Credits
Aditya Sood
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:56:12.970Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5412",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:56:12.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5411 (GCVE-0-2014-5411)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:53
VLAI?
Title
Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644) Unaffected: 2010 R3.2 |
|||||||
|
|||||||||
Credits
Aditya Sood
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:53:17.900Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5411",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:53:17.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5413 (GCVE-0-2014-5413)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:59
VLAI?
Title
Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644) Unaffected: 2010 R3.2 |
|||||||
|
|||||||||
Credits
Aditya Sood
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:59:00.297Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAsset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\u003c/p\u003e\n\u003cp\u003eTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Asset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\n\n\nTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5413",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:59:00.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-0779 (GCVE-0-2014-0779)
Vulnerability from cvelistv5 – Published: 2014-03-14 10:00 – Updated: 2025-09-24 21:33
VLAI?
Title
Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R2 (build 71.4165)
Affected: 2010 R2.1 (build 71.4325) Affected: 2010 R3 (build 72.4560) Affected: 2010 R3.1 (build 72.4644) |
|||||||
|
|||||||||
Credits
Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R2 (build 71.4165)"
},
{
"status": "affected",
"version": "2010 R2.1 (build 71.4325)"
},
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-03-13T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).\u003c/p\u003e"
}
],
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T21:33:37.552Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric recommends that customers using the vulnerable product versions to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\u003c/li\u003e\n\u003cli\u003eGuidance and assistance is available from Schneider Electric Technical Application Support at:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/\"\u003ehttp://products.schneider-electric.us/products-services/services/automation-and-control-services/tel...\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eKepware has confirmed this vulnerability is not present in KepServerEX V5.\u003c/p\u003e\n\u003cp\u003eThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric recommends that customers using the vulnerable product versions to:\n\n\n\n * Uninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\n\n * Guidance and assistance is available from Schneider Electric Technical Application Support at:\n\n\n\n\n http://products.schneider-electric.us/products-services/services/automation-and-control-services/tel... http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/ .\n\n\nKepware has confirmed this vulnerability is not present in KepServerEX V5.\n\n\nThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01 ."
}
],
"source": {
"advisory": "ICSA-14-072-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0779",
"datePublished": "2014-03-14T10:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-24T21:33:37.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0595 (GCVE-0-2023-0595)
Vulnerability from nvd – Published: 2023-02-24 00:00 – Updated: 2025-02-05 20:06
VLAI?
Summary
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)
Severity ?
5.3 (Medium)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | EcoStruxure Geo SCADA Expert 2019 |
Affected:
All , ≤ October 2022
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:54:54.186453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:06:14.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2019",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2020",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2021",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ClearSCADA ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\u003c/p\u003e"
}
],
"value": "A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:15:26.476Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-0595",
"datePublished": "2023-02-24T00:00:00.000Z",
"dateReserved": "2023-01-31T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:06:14.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5412 (GCVE-0-2014-5412)
Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:56
VLAI?
Title
Schneider Electric SCADA Expert ClearSCADA Improper Authentication
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644) Unaffected: 2010 R3.2 |
|||||||
|
|||||||||
Credits
Aditya Sood
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:56:12.970Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5412",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:56:12.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5411 (GCVE-0-2014-5411)
Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:53
VLAI?
Title
Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644) Unaffected: 2010 R3.2 |
|||||||
|
|||||||||
Credits
Aditya Sood
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:53:17.900Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5411",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:53:17.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5413 (GCVE-0-2014-5413)
Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:59
VLAI?
Title
Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644) Unaffected: 2010 R3.2 |
|||||||
|
|||||||||
Credits
Aditya Sood
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:59:00.297Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAsset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\u003c/p\u003e\n\u003cp\u003eTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Asset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\n\n\nTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5413",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:59:00.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-0779 (GCVE-0-2014-0779)
Vulnerability from nvd – Published: 2014-03-14 10:00 – Updated: 2025-09-24 21:33
VLAI?
Title
Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Affected:
2010 R2 (build 71.4165)
Affected: 2010 R2.1 (build 71.4325) Affected: 2010 R3 (build 72.4560) Affected: 2010 R3.1 (build 72.4644) |
|||||||
|
|||||||||
Credits
Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R2 (build 71.4165)"
},
{
"status": "affected",
"version": "2010 R2.1 (build 71.4325)"
},
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-03-13T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).\u003c/p\u003e"
}
],
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T21:33:37.552Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric recommends that customers using the vulnerable product versions to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\u003c/li\u003e\n\u003cli\u003eGuidance and assistance is available from Schneider Electric Technical Application Support at:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/\"\u003ehttp://products.schneider-electric.us/products-services/services/automation-and-control-services/tel...\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eKepware has confirmed this vulnerability is not present in KepServerEX V5.\u003c/p\u003e\n\u003cp\u003eThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric recommends that customers using the vulnerable product versions to:\n\n\n\n * Uninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\n\n * Guidance and assistance is available from Schneider Electric Technical Application Support at:\n\n\n\n\n http://products.schneider-electric.us/products-services/services/automation-and-control-services/tel... http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/ .\n\n\nKepware has confirmed this vulnerability is not present in KepServerEX V5.\n\n\nThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01 ."
}
],
"source": {
"advisory": "ICSA-14-072-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0779",
"datePublished": "2014-03-14T10:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-24T21:33:37.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}