
13 vulnerabilities found for SCADA Expert ClearSCADA by Schneider Electric

VAR-201401-0246

Vulnerability from variot - Updated: 2023-12-18 14:06

DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application and cause a denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of the French company Schneider Electric. ClearSCADA is an open software platform designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform within StruxureWare SCADA Expert (industrial automation and control system integration software).


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0246",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2 (build 71.4165)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2.1 (build 71.4325)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "electric clearscada r2 r3.1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2010-2010"
      },
      {
        "model": "electric scada expert clearscada r1 r1.2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2013-2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Crain of Automatak and Chris Sistrunk",
    "sources": [
      {
        "db": "BID",
        "id": "64813"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6142",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-6142",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-00429",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-66144",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6142",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-00429",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-325",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66144",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application and cause denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of French Schneider Electric (Schneider Electric). ClearSCADA is an open software platform specially designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform in StruxureWare SCADAExpert (industrial automation and control system integration software)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6142",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-014-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "64813",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "4AD3B3E4-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ]
  },
  "id": "VAR-201401-0246",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      }
    ],
    "trust": 1.7333333400000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:06:13.697000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA - SCADA software for telemetry and remote SCADA applications",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
      },
      {
        "title": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/42539"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-014-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6142"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6142"
      },
      {
        "trust": 0.3,
        "url": "www.controlmicrosystems.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-17T00:00:00",
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-01-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "date": "2014-01-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "date": "2014-01-14T00:00:00",
        "db": "BID",
        "id": "64813"
      },
      {
        "date": "2014-01-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "date": "2014-01-15T16:11:08.363000",
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "date": "2014-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "date": "2015-03-19T08:34:00",
        "db": "BID",
        "id": "64813"
      },
      {
        "date": "2014-01-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "date": "2018-12-31T14:23:16.730000",
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "date": "2014-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ],
    "trust": 0.8
  }
}

VAR-201409-0724

Vulnerability from variot - Updated: 2023-12-18 13:48

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has an unspecified remote vulnerability that an attacker can exploit to obtain sensitive information; the information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure. An encryption-issue vulnerability exists in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0724",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2.1 (build 74.5192)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1 (build 75.5210)"
      },
      {
        "model": "electric clearscada r3-2014 r1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2014"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "69842"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5413",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-5413",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-06121",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-73354",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-5413",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06121",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-658",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73354",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has an unspecified remote vulnerability that allows an attacker to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure. A cryptographic issue exists in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "BID",
        "id": "69842"
      },
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5413",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "69842",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "DCFE0734-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "BID",
        "id": "69842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ]
  },
  "id": "VAR-201409-0724",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:48:57.686000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
      },
      {
        "title": "Schneider Electric ClearSCADA has patches for remote unknown vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/50145"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/69842/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "BID",
        "id": "69842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-22T00:00:00",
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "date": "2014-09-16T00:00:00",
        "db": "BID",
        "id": "69842"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "date": "2014-09-18T10:55:11.733000",
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "date": "2014-10-08T07:00:00",
        "db": "BID",
        "id": "69842"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "date": "2018-12-31T14:23:16.887000",
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ],
    "trust": 0.6
  }
}

VAR-201409-0723

Vulnerability from variot - Updated: 2023-12-18 13:48

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability that allows an attacker to bypass security restrictions and perform unauthorized operations. The platform is primarily used for remote management of critical infrastructure.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0723",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2.1 (build 74.5192)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1 (build 75.5210)"
      },
      {
        "model": "electric clearscada",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2014"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CERT",
    "sources": [
      {
        "db": "BID",
        "id": "69840"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5412",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-5412",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-06087",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-73353",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-5412",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06087",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-657",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73353",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5412",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "69840",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01A",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "DCF002D8-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ]
  },
  "id": "VAR-201409-0723",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:48:57.722000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5412"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5412"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/69840"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01a"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-19T00:00:00",
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "date": "2014-09-16T00:00:00",
        "db": "BID",
        "id": "69840"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "date": "2014-09-18T10:55:11.687000",
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "date": "2015-03-19T08:46:00",
        "db": "BID",
        "id": "69840"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "date": "2018-12-31T14:23:16.887000",
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA Remote Security Bypass Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ],
    "trust": 0.6
  }
}

VAR-201409-0722

Vulnerability from variot - Updated: 2023-12-18 13:48

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA web interface: an attacker can construct a malicious URI, induce a user to open it, and perform system management operations. SCADA Expert ClearSCADA is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0722",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": "eq",
        "trust": 2.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2.1 (build 74.5192)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1 (build 75.5210)"
      },
      {
        "model": "electric clearscada r3 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201072.4560)"
      },
      {
        "model": "electric clearscada r3.1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201072.4644)"
      },
      {
        "model": "electric scada expert clearscada r1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4729)"
      },
      {
        "model": "electric scada expert clearscada r1.1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4832)"
      },
      {
        "model": "electric scada expert clearscada r1.1a (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4903)"
      },
      {
        "model": "electric scada expert clearscada r1.2 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4955)"
      },
      {
        "model": "electric scada expert clearscada r2 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201374.5094)"
      },
      {
        "model": "electric scada expert clearscada r2.1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201374.5192)"
      },
      {
        "model": "electric scada expert clearscada r1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201475.5210)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scada expert clearscada",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scada expert clearscada",
        "version": "2014"
      },
      {
        "model": "scada expert clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "scada expert clearscada r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "80073"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5411",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-5411",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2014-06196",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-73352",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-5411",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06196",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-656",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73352",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5411",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01",
        "trust": 3.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "111238",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "80073",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "770608EC-1EB9-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "DCDEEBB0-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ]
  },
  "id": "VAR-201409-0722",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      }
    ],
    "trust": 1.9833333400000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:48:57.758000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
      },
      {
        "title": "Patch for Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/50244"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5411"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5411"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.com/show/osvdb/111238"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-23T00:00:00",
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-23T00:00:00",
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "BID",
        "id": "80073"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "date": "2014-09-18T10:55:11.640000",
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "BID",
        "id": "80073"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "date": "2018-12-31T14:23:16.887000",
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      }
    ],
    "trust": 1.0
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ],
    "trust": 0.6
  }
}

VAR-201403-0444

Vulnerability from variot - Updated: 2023-12-18 13:29

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security flaws in its parsing of project files. The vulnerability is exploitable only when the "PLC Driver" is installed. Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. Affected builds include 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094. Note that the descriptions aggregated here differ on impact: the first sentence reports a denial of service (application crash), while the later sentences report arbitrary code execution in the context of the current process.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0444",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2 (build 71.4165)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2.1 (build 71.4325)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "clearscada",
        "scope": null,
        "trust": 0.7,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2013"
      },
      {
        "model": "electric clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2013"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew Brooks",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "BID",
        "id": "65476"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2014-0779",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-0779",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.5,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-01024",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-68272",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0779",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-0779",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-01024",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201403-250",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68272",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files.  The issue lies in a failure to validate a length specifier before using it as an index into an array.  An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \\\"PLC Driver\\\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0779",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-072-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "65476",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1876",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "285FDC02-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ]
  },
  "id": "VAR-201403-0444",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:46.410000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD 2014-024-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
      },
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
      },
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0779"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0779"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/65476"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-18T00:00:00",
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "date": "2014-02-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "date": "2014-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "date": "2014-01-24T00:00:00",
        "db": "BID",
        "id": "65476"
      },
      {
        "date": "2014-03-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "date": "2014-03-14T10:55:05.803000",
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-03T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "date": "2014-02-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "date": "2015-03-19T09:33:00",
        "db": "BID",
        "id": "65476"
      },
      {
        "date": "2014-03-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "date": "2018-12-31T14:23:16.887000",
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denial-of-service (DoS) vulnerability in the PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component of Schneider Electric StruxureWare SCADA Expert ClearSCADA",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ],
    "trust": 0.8
  }
}

CVE-2014-5412 (GCVE-0-2014-5412)

Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:56
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
Severity ?
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
Unaffected: 2010 R3.2
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Affected: 2013 R2.1 (build 74.5192)
Affected: 2014 R1 (build 75.5210)
Unaffected: 2014 R1.1
Credits
Aditya Sood

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            },
            {
              "status": "unaffected",
              "version": "2010 R3.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            },
            {
              "status": "affected",
              "version": "2013 R2.1 (build 74.5192)"
            },
            {
              "status": "affected",
              "version": "2014 R1 (build 75.5210)"
            },
            {
              "status": "unaffected",
              "version": "2014 R1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Aditya Sood"
        }
      ],
      "datePublic": "2014-09-16T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
            }
          ],
          "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T22:56:12.970Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. 
Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n  *  ClearSCADA 2010 R3.2, Released October 2014, and\n\n  *  SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
        }
      ],
      "source": {
        "advisory": "ICSA-14-259-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric SCADA Expert ClearSCADA Improper Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5412",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2025-11-04T22:56:12.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2014-5411 (GCVE-0-2014-5411)

Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:53
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
Unaffected: 2010 R3.2
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Affected: 2013 R2.1 (build 74.5192)
Affected: 2014 R1 (build 75.5210)
Unaffected: 2014 R1.1
Credits
Aditya Sood

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            },
            {
              "status": "unaffected",
              "version": "2010 R3.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            },
            {
              "status": "affected",
              "version": "2013 R2.1 (build 74.5192)"
            },
            {
              "status": "affected",
              "version": "2014 R1 (build 75.5210)"
            },
            {
              "status": "unaffected",
              "version": "2014 R1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Aditya Sood"
        }
      ],
      "datePublic": "2014-09-16T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMultiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\u003c/p\u003e"
            }
          ],
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T22:53:17.900Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. 
Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n  *  ClearSCADA 2010 R3.2, Released October 2014, and\n\n  *  SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
        }
      ],
      "source": {
        "advisory": "ICSA-14-259-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5411",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2025-11-04T22:53:17.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2014-5413 (GCVE-0-2014-5413)

Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:59
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
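Severity
CVSS v2.0 base score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N), taken from the CNA metrics in the record below; the record carries no CVSS v3.x or v4.0 metrics.
CWE
CWE-310 (Cryptographic Issues)
Assigner
icscert
Note: the x_legacyV4Record block of the record below carries the ID and description of CVE-2014-5411 (the cross-site scripting issue) rather than those of this CVE; read the cna fields for the CVE-2014-5413 details.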
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
Unaffected: 2010 R3.2
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Affected: 2013 R2.1 (build 74.5192)
Affected: 2014 R1 (build 75.5210)
Unaffected: 2014 R1.1
Credits
Aditya Sood

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            },
            {
              "status": "unaffected",
              "version": "2010 R3.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            },
            {
              "status": "affected",
              "version": "2013 R2.1 (build 74.5192)"
            },
            {
              "status": "affected",
              "version": "2014 R1 (build 75.5210)"
            },
            {
              "status": "unaffected",
              "version": "2014 R1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Aditya Sood"
        }
      ],
      "datePublic": "2014-09-16T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
            }
          ],
          "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T22:59:00.297Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAsset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\u003c/p\u003e\n\u003cp\u003eTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Asset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\n\n\nTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support"
        }
      ],
      "source": {
        "advisory": "ICSA-14-259-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5413",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2025-11-04T22:59:00.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2014-0779 (GCVE-0-2014-0779)

Vulnerability from cvelistv5 – Published: 2014-03-14 10:00 – Updated: 2025-09-24 21:33
Summary
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
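Severity
CVSS v2.0 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), taken from the CNA metrics in the record below; the record carries no CVSS v3.x or v4.0 metrics. The vector rates confidentiality and integrity impact as partial, although the summary describes only a denial of service.
CWE
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
Assigner
icscert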
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R2 (build 71.4165)
Affected: 2010 R2.1 (build 71.4325)
Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Credits
Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R2 (build 71.4165)"
            },
            {
              "status": "affected",
              "version": "2010 R2.1 (build 71.4325)"
            },
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)"
        }
      ],
      "datePublic": "2014-03-13T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).\u003c/p\u003e"
            }
          ],
          "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T21:33:37.552Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric recommends that customers using the vulnerable product versions to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\u003c/li\u003e\n\u003cli\u003eGuidance and assistance is available from Schneider Electric Technical Application Support at:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/\"\u003ehttp://products.schneider-electric.us/products-services/services/automation-and-control-services/tel...\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eKepware has confirmed this vulnerability is not present in KepServerEX V5.\u003c/p\u003e\n\u003cp\u003eThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric recommends that customers using the vulnerable product versions to:\n\n\n\n  *  Uninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\n\n  *  Guidance and assistance is available from Schneider Electric Technical Application Support at:\n\n\n\n\n http://products.schneider-electric.us/products-services/services/automation-and-control-services/tel... http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/ .\n\n\nKepware has confirmed this vulnerability is not present in KepServerEX V5.\n\n\nThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01 ."
        }
      ],
      "source": {
        "advisory": "ICSA-14-072-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0779",
    "datePublished": "2014-03-14T10:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-09-24T21:33:37.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5412 (GCVE-0-2014-5412)

Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:56
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
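Severity
CVSS v2.0 base score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N), taken from the CNA metrics in the record below; the record carries no CVSS v3.x or v4.0 metrics.
CWE
CWE-287
Assigner
icscert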
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
Unaffected: 2010 R3.2
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Affected: 2013 R2.1 (build 74.5192)
Affected: 2014 R1 (build 75.5210)
Unaffected: 2014 R1.1
Credits
Aditya Sood

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            },
            {
              "status": "unaffected",
              "version": "2010 R3.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            },
            {
              "status": "affected",
              "version": "2013 R2.1 (build 74.5192)"
            },
            {
              "status": "affected",
              "version": "2014 R1 (build 75.5210)"
            },
            {
              "status": "unaffected",
              "version": "2014 R1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Aditya Sood"
        }
      ],
      "datePublic": "2014-09-16T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
            }
          ],
          "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T22:56:12.970Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. 
Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n  *  ClearSCADA 2010 R3.2, Released October 2014, and\n\n  *  SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
        }
      ],
      "source": {
        "advisory": "ICSA-14-259-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric SCADA Expert ClearSCADA Improper Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5412",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2025-11-04T22:56:12.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2014-5411 (GCVE-0-2014-5411)

Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:53
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
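Severity: no CVSS score is rendered in this summary; the CNA container in the record below carries a CVSS v2.0 base score of 4.9 (AV:N/AC:H/Au:S/C:N/I:N/A:C), as published by the assigner. The availability-only impact in that vector appears to correspond to the record's mitigation text, which ties the issue to the "Allow database shutdown via WebX" option.
CWE: CWE-79
Assigner: icscert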
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
Unaffected: 2010 R3.2
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Affected: 2013 R2.1 (build 74.5192)
Affected: 2014 R1 (build 75.5210)
Unaffected: 2014 R1.1
Credits
Aditya Sood

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            },
            {
              "status": "unaffected",
              "version": "2010 R3.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            },
            {
              "status": "affected",
              "version": "2013 R2.1 (build 74.5192)"
            },
            {
              "status": "affected",
              "version": "2014 R1 (build 75.5210)"
            },
            {
              "status": "unaffected",
              "version": "2014 R1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Aditya Sood"
        }
      ],
      "datePublic": "2014-09-16T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMultiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\u003c/p\u003e"
            }
          ],
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T22:53:17.900Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. 
Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n  *  ClearSCADA 2010 R3.2, Released October 2014, and\n\n  *  SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
        }
      ],
      "source": {
        "advisory": "ICSA-14-259-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5411",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2025-11-04T22:53:17.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2014-5413 (GCVE-0-2014-5413)

Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:59
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
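Severity: no CVSS score is rendered in this summary; the CNA container in the record below carries a CVSS v2.0 base score of 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N), as published by the assigner.
CWE: CWE-310
Assigner: icscert
Note: the x_legacyV4Record block embedded in the record below carries the ID and description of CVE-2014-5411 (the cross-site scripting entry), not of this CVE; when parsing, key on cveMetadata.cveId and the CNA descriptions rather than on the legacy block.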
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
Unaffected: 2010 R3.2
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Affected: 2013 R2.1 (build 74.5192)
Affected: 2014 R1 (build 75.5210)
Unaffected: 2014 R1.1
Credits
Aditya Sood

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            },
            {
              "status": "unaffected",
              "version": "2010 R3.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            },
            {
              "status": "affected",
              "version": "2013 R2.1 (build 74.5192)"
            },
            {
              "status": "affected",
              "version": "2014 R1 (build 75.5210)"
            },
            {
              "status": "unaffected",
              "version": "2014 R1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Aditya Sood"
        }
      ],
      "datePublic": "2014-09-16T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
            }
          ],
          "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T22:59:00.297Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAsset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\u003c/p\u003e\n\u003cp\u003eTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Asset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\n\n\nTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support"
        }
      ],
      "source": {
        "advisory": "ICSA-14-259-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5413",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2025-11-04T22:59:00.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2014-0779 (GCVE-0-2014-0779)

Vulnerability from nvd – Published: 2014-03-14 10:00 – Updated: 2025-09-24 21:33
Summary
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
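Severity
No CVSS data is shown in this summary, but the CVE record below carries a CVSS v2.0 base score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P). That vector also scores partial confidentiality and integrity impact, although the summary describes only an application crash.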
CWE
CWE-119 (as listed in the CVE record below)
Assigner
icscert (as listed in the CVE record below)
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Affected: 2010 R2 (build 71.4165)
Affected: 2010 R2.1 (build 71.4325)
Affected: 2010 R3 (build 72.4560)
Affected: 2010 R3.1 (build 72.4644)
    Schneider Electric SCADA Expert ClearSCADA Affected: 2013 R1 (build 73.4729)
Affected: 2013 R1.1 (build 73.4832)
Affected: 2013 R1.1a (build 73.4903)
Affected: 2013 R1.2 (build 73.4955)
Affected: 2013 R2 (build 74.5094)
Credits
Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R2 (build 71.4165)"
            },
            {
              "status": "affected",
              "version": "2010 R2.1 (build 71.4325)"
            },
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)"
        }
      ],
      "datePublic": "2014-03-13T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).\u003c/p\u003e"
            }
          ],
          "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T21:33:37.552Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric recommends that customers using the vulnerable product versions to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\u003c/li\u003e\n\u003cli\u003eGuidance and assistance is available from Schneider Electric Technical Application Support at:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/\"\u003ehttp://products.schneider-electric.us/products-services/services/automation-and-control-services/tel...\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eKepware has confirmed this vulnerability is not present in KepServerEX V5.\u003c/p\u003e\n\u003cp\u003eThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric recommends that customers using the vulnerable product versions to:\n\n\n\n  *  Uninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\n\n  *  Guidance and assistance is available from Schneider Electric Technical Application Support at:\n\n\n\n\n http://products.schneider-electric.us/products-services/services/automation-and-control-services/tel... http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/ .\n\n\nKepware has confirmed this vulnerability is not present in KepServerEX V5.\n\n\nThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01 ."
        }
      ],
      "source": {
        "advisory": "ICSA-14-072-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0779",
    "datePublished": "2014-03-14T10:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-09-24T21:33:37.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}