36 vulnerabilities found for clearscada by aveva
VAR-201401-0246
Vulnerability from variot - Updated: 2023-12-18 14:06
DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application and cause a denial-of-service condition. Both ClearSCADA and SCADA Expert ClearSCADA are products of the French company Schneider Electric. ClearSCADA is an open software platform designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform in StruxureWare SCADA Expert (industrial automation and control system integration software).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0246",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2 (build 71.4165)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2.1 (build 71.4325)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "electric clearscada r2 r3.1",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010-2010"
},
{
"model": "electric scada expert clearscada r1 r1.2",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2013-2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6142"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "64813"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-6142",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00429",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-66144",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6142",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-325",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66144",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application and cause denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of French Schneider Electric (Schneider Electric). ClearSCADA is an open software platform specially designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform in StruxureWare SCADAExpert (industrial automation and control system integration software)",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-66144"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6142",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-014-01",
"trust": 3.4
},
{
"db": "BID",
"id": "64813",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-00429",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850",
"trust": 0.8
},
{
"db": "IVD",
"id": "4AD3B3E4-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-66144",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"id": "VAR-201401-0246",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
}
],
"trust": 1.7333333400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
}
]
},
"last_update_date": "2023-12-18T14:06:13.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA - SCADA software for telemetry and remote SCADA applications",
"trust": 0.8,
"url": "http://www.schneider-electric.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
},
{
"title": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42539"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-014-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6142"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6142"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"db": "VULHUB",
"id": "VHN-66144"
},
{
"db": "BID",
"id": "64813"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-17T00:00:00",
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"date": "2014-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-66144"
},
{
"date": "2014-01-14T00:00:00",
"db": "BID",
"id": "64813"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"date": "2014-01-15T16:11:08.363000",
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00429"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-66144"
},
{
"date": "2015-03-19T08:34:00",
"db": "BID",
"id": "64813"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005850"
},
{
"date": "2018-12-31T14:23:16.730000",
"db": "NVD",
"id": "CVE-2013-6142"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-325"
}
],
"trust": 0.8
}
}
VAR-201709-1079
Vulnerability from variot - Updated: 2023-12-18 13:57
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA contains a buffer error vulnerability that may result in a denial-of-service (DoS) condition. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. The memory allocation vulnerability allows an attacker to submit a specially crafted request to cause a denial of service. ClearSCADA is also an important part of telemetry and remote SCADA system solutions, used to manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. No further details about this vulnerability are currently available; watch CNNVD or vendor announcements for updates. Note that the CPE configuration in the record below lists only versions up to and including 2010, which is narrower than "prior to August 2017", so confirm exposure against the vendor advisory SEVD-2017-264-01 rather than the CPE match alone.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric clearscada \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2017"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2010",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"cve": "CVE-2017-9962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9962",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35027",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-118165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9962",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9962",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-35027",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118165",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9962",
"trust": 3.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-264-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2017-35027",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "37698",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DE969E-39AB-11E9-A4AE-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "7AD47499-BDFC-4EBC-ABE2-88ED69C51BAE",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118165",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"id": "VAR-201709-1079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
]
},
"last_update_date": "2023-12-18T13:57:15.786000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-264-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-264-01"
},
{
"title": "Schneider Electric ClearSCADA Memory Allocation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/106694"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2017-264-01/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9962"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9962"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37698"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2017-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2017-09-26T01:29:04.037000",
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2018-12-31T14:23:14.183000",
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"date": "2017-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Memory allocation vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 1.0
}
}
VAR-201409-0722
Vulnerability from variot - Updated: 2023-12-18 13:48
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA web interface: an attacker can construct a malicious URI, induce a user to open it, and perform system management operations. SCADA Expert ClearSCADA is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0722",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada r3 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201072.4560)"
},
{
"model": "electric clearscada r3.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201072.4644)"
},
{
"model": "electric scada expert clearscada r1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4729)"
},
{
"model": "electric scada expert clearscada r1.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4832)"
},
{
"model": "electric scada expert clearscada r1.1a (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4903)"
},
{
"model": "electric scada expert clearscada r1.2 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4955)"
},
{
"model": "electric scada expert clearscada r2 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201374.5094)"
},
{
"model": "electric scada expert clearscada r2.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201374.5192)"
},
{
"model": "electric scada expert clearscada r1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201475.5210)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada expert clearscada",
"version": "2014"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "scada expert clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "80073"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5411",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-5411",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-06196",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-73352",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5411",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2014-06196",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-656",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-73352",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73352"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5411",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2014-06196",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "111238",
"trust": 0.6
},
{
"db": "BID",
"id": "80073",
"trust": 0.4
},
{
"db": "IVD",
"id": "770608EC-1EB9-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "DCDEEBB0-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73352",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"id": "VAR-201409-0722",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
}
],
"trust": 1.9833333400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
}
]
},
"last_update_date": "2023-12-18T13:48:57.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
},
{
"title": "Patch for Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50244"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5411"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5411"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/111238"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-23T00:00:00",
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-23T00:00:00",
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73352"
},
{
"date": "2014-09-18T00:00:00",
"db": "BID",
"id": "80073"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"date": "2014-09-18T10:55:11.640000",
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73352"
},
{
"date": "2014-09-18T00:00:00",
"db": "BID",
"id": "80073"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
],
"trust": 0.6
}
}
VAR-201409-0723
Vulnerability from variot - Updated: 2023-12-18 13:48
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security-bypass vulnerability that allows an attacker to bypass security restrictions and perform unauthorized operations. The platform is primarily used for remote management of critical infrastructure.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CERT",
"sources": [
{
"db": "BID",
"id": "69840"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5412",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-5412",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06087",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-73353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5412",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-06087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73353",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73353"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5412",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 2.8
},
{
"db": "BID",
"id": "69840",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "DCF002D8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73353",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"id": "VAR-201409-0723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
}
]
},
"last_update_date": "2023-12-18T13:48:57.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5412"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5412"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69840"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-19T00:00:00",
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73353"
},
{
"date": "2014-09-16T00:00:00",
"db": "BID",
"id": "69840"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"date": "2014-09-18T10:55:11.687000",
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73353"
},
{
"date": "2015-03-19T08:46:00",
"db": "BID",
"id": "69840"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Remote Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
],
"trust": 0.6
}
}
VAR-201409-0724
Vulnerability from variot - Updated: 2023-12-18 13:48
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has an unspecified remote vulnerability that an attacker can exploit to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is an energy efficiency management software monitoring platform from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure. There is a cryptographic issue in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0724",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada r3-2014 r1",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "69842"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5413",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-5413",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06121",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-73354",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5413",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73354",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5413",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 2.5
},
{
"db": "BID",
"id": "69842",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284",
"trust": 0.8
},
{
"db": "IVD",
"id": "DCFE0734-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73354",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"id": "VAR-201409-0724",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
}
]
},
"last_update_date": "2023-12-18T13:48:57.686000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=clearscada\u0026xtcr=1"
},
{
"title": "Schneider Electric ClearSCADA has patches for remote unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50145"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-09-16T00:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2014-09-18T10:55:11.733000",
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-10-08T07:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
}
}
VAR-201108-0128
Vulnerability from variot - Updated: 2023-12-18 13:40
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. Control Microsystems is Schneider Electric, a global provider of SCADA hardware and software products. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. There are several security vulnerabilities in ClearSCADA: 1. The ClearSCADA application has a heap-based buffer overflow of the use-after-free type. Sending a valid message containing a very long string can trigger heap corruption. 2. ClearSCADA provides a web interface that supports HTTP and HTTPS. By default, the ClearSCADA server uses HTTP, which allows anyone to obtain plaintext authentication information by sniffing. 3. The web interface has a reflected cross-site scripting vulnerability. With this vulnerability, an attacker can directly inject malicious code into a user's browser session. The parameter returned to the user is not filtered. Attackers can exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Control Microsystems ClearSCADA is prone to multiple remote vulnerabilities, including: 1. An information-disclosure vulnerability. An attacker can exploit these issues to execute arbitrary code with elevated privileges, execute arbitrary script code within the context of the webserver, steal cookie-based authentication credentials, and gain access to sensitive information. Other attacks are also possible. The following products are affected: ClearSCADA 2005, ClearSCADA 2007, ClearSCADA 2009.
ClearSCADA The application has a use error after release. ----------------------------------------------------------------------
TITLE: ClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA44955
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44955
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/44955/#comments
DESCRIPTION: Two vulnerabilities have been reported in ClearSCADA, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
The vulnerabilities are reported in the following products: * ClearSCADA 2005 (all versions) * ClearSCADA 2007 (all versions) * ClearSCADA 2009 (all versions except R2.3 and R1.4)
SOLUTION: Update to a fixed version. Please see the CERT advisory for more information.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Digital Bond.
ORIGINAL ADVISORY: Digital Bond: http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/ http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/
US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201108-0128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.2,
"vendor": "clearscada",
"version": "2005/2007/2009"
},
{
"model": "scx 68",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "r3.9"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2005"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2007"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2009"
},
{
"model": "scx 67",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "r4.5"
},
{
"model": "clearscada 2005",
"scope": null,
"trust": 0.8,
"vendor": "control microsystems",
"version": null
},
{
"model": "clearscada 2007",
"scope": null,
"trust": 0.8,
"vendor": "control microsystems",
"version": null
},
{
"model": "clearscada 2009",
"scope": "lt",
"trust": 0.8,
"vendor": "control microsystems",
"version": "r1.4"
},
{
"model": "clearscada 2009",
"scope": "lt",
"trust": 0.8,
"vendor": "control microsystems",
"version": "r2.3"
},
{
"model": "scx",
"scope": "lt",
"trust": 0.8,
"vendor": "serck control",
"version": "67 r4.5"
},
{
"model": "scx",
"scope": "lt",
"trust": 0.8,
"vendor": "serck control",
"version": "68 r3.9"
},
{
"model": "microsystems clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "control",
"version": "2009"
},
{
"model": "microsystems clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "control",
"version": "2007"
},
{
"model": "microsystems clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "control",
"version": "2005"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r2.2"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r1.2"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r1.1"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r1.0"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r2.1"
},
{
"model": "clearscada 2007",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r1.4"
},
{
"model": "scx",
"scope": "eq",
"trust": 0.6,
"vendor": "serck controls",
"version": "68"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r1.3"
},
{
"model": "scx",
"scope": "eq",
"trust": 0.6,
"vendor": "serck controls",
"version": "67"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "r2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2009"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scx 67",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scx 68",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2005/2007/2009"
},
{
"model": "microsystems clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "control",
"version": "20090"
},
{
"model": "microsystems clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "control",
"version": "20070"
},
{
"model": "microsystems clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "control",
"version": "20050"
},
{
"model": "microsystems clearscada r1.4",
"scope": "ne",
"trust": 0.3,
"vendor": "control",
"version": "2010"
},
{
"model": "microsystems clearscada",
"scope": "ne",
"trust": 0.3,
"vendor": "control",
"version": "20092.3"
},
{
"model": "microsystems clearscada",
"scope": "ne",
"trust": 0.3,
"vendor": "control",
"version": "20091"
}
],
"sources": [
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "BID",
"id": "46312"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3143"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digital Bond",
"sources": [
{
"db": "BID",
"id": "46312"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3143",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3143",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "27070a74-1f92-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-51088",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3143",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201108-286",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-51088",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-51088"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. Control Microsystems is Schneider Electric, a global provider of SCADA hardware and software products. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. There are several security vulnerabilities in ClearSCADA: 1. There is a heap-based buffer overflow for ClearSCADA applications, and a type heap overflow for overflow after release. Sending a legal message containing a very long string can trigger heap corruption. 2, ClearSCADA provides a WEB interface that supports HTTP and HTTPS. By default, the ClearSCADA server uses HTTP, which allows anyone to obtain plaintext authentication information by sniffing. 3. There is a reflective cross-site scripting attack on the WEB interface. With this vulnerability, an attacker can directly inject malicious code into a user\u0027s browser session. The parameter returned to the user is missing filtering. Attackers can exploit vulnerabilities for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Control Microsystems ClearSCADA is prone to multiple remote vulnerabilities, including:\n1. An information-disclosure vulnerability\nAn attacker can exploit these issues to execute arbitrary code with elevated privileges, execute arbitrary script code within the context of the webserver, steal cookie-based authentication credentials, and gain access to sensitive information. Other attacks are also possible. \nThe following products are affected:\nClearSCADA 2005\nClearSCADA 2007\nClearSCADA 2009. ClearSCADA The application has a use error after release. 
----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44955\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44955/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44955/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44955/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in ClearSCADA, which can be\nexploited by malicious people to conduct cross-site scripting attacks\nand compromise a vulnerable system. \n\nThe vulnerabilities are reported the following products:\n* ClearSCADA 2005 (all versions)\n* ClearSCADA 2007 (all versions)\n* ClearSCADA 2009 (all versions except R2.3 and R1.4)\n\nSOLUTION:\nUpdate to a fixed version. 
Please see the CERT advisory for more\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Digital Bond. \n\nORIGINAL ADVISORY:\nDigital Bond:\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/\n\nUS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "BID",
"id": "46312"
},
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-51088"
},
{
"db": "PACKETSTORM",
"id": "102344"
}
],
"trust": 4.41
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-51088",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51088"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3143",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "44955",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-10-314-01A",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-10-314-01",
"trust": 2.5
},
{
"db": "BID",
"id": "46312",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "72989",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201108-286",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-0506",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-2309",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-2308",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495",
"trust": 0.8
},
{
"db": "IVD",
"id": "DDB570C8-1F9F-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "27070A74-1F92-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "28D182C6-1F92-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7D7A14-463F-11E9-9E9F-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-51088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102344",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51088"
},
{
"db": "BID",
"id": "46312"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"db": "PACKETSTORM",
"id": "102344"
},
{
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
]
},
"id": "VAR-201108-0128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51088"
}
],
"trust": 3.5571428700000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.6
}
],
"sources": [
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
}
]
},
"last_update_date": "2023-12-18T13:40:09.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.clearscada.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.serck-controls.com/"
},
{
"title": "Patch for ClearSCADA Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4144"
},
{
"title": "Control Microsystems ClearSCADA has multiple patches for security vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/2852"
},
{
"title": "Patch for ClearSCADA Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4145"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51088"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"db": "NVD",
"id": "CVE-2011-3143"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01a.pdf"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01.pdf"
},
{
"trust": 1.8,
"url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/72989"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44955"
},
{
"trust": 1.3,
"url": "http://secunia.com/advisories/44955/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/46312"
},
{
"trust": 0.9,
"url": "http://www.vupen.com/english/reference-2011-0356-1.php"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3143"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3143"
},
{
"trust": 0.3,
"url": "http://www.clearscada.com/index.cfm"
},
{
"trust": 0.3,
"url": "http://www.clearscada.com/services-support/software-updates/"
},
{
"trust": 0.1,
"url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44955/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://conference.first.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51088"
},
{
"db": "BID",
"id": "46312"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"db": "PACKETSTORM",
"id": "102344"
},
{
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51088"
},
{
"db": "BID",
"id": "46312"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"db": "PACKETSTORM",
"id": "102344"
},
{
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-02-11T00:00:00",
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"date": "2011-06-17T00:00:00",
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"date": "2011-06-17T00:00:00",
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"date": "2011-02-11T00:00:00",
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"date": "2011-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"date": "2011-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-51088"
},
{
"date": "2011-02-10T00:00:00",
"db": "BID",
"id": "46312"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"date": "2011-06-16T10:28:00",
"db": "PACKETSTORM",
"id": "102344"
},
{
"date": "2011-08-16T21:55:01.350000",
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"date": "2011-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"date": "2011-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-0506"
},
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-51088"
},
{
"date": "2015-07-15T00:13:00",
"db": "BID",
"id": "46312"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003495"
},
{
"date": "2018-12-31T14:23:16.200000",
"db": "NVD",
"id": "CVE-2011-3143"
},
{
"date": "2011-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClearSCADA Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-286"
}
],
"trust": 1.0
}
}
VAR-201108-0129
Vulnerability from variot - Updated: 2023-12-18 13:40
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The ClearSCADA application has a use-after-free ("post-release usage") error; sending a long string can trigger a heap-based buffer overflow, and successfully exploiting the vulnerability can execute arbitrary code in the application context. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA has a cross-site scripting vulnerability. Some unspecified input is not filtered before being returned to users. Attackers can exploit the vulnerability to conduct cross-site scripting attacks, obtaining sensitive information or hijacking user sessions. The ClearSCADA application has a use-after-free error. Note that this aggregated entry describes two distinct issues from the same advisory: the XSS tracked as CVE-2011-3144 (CWE-79) and a separate memory-corruption issue; the entry's title field names the buffer overflow while its type field is xss, so affected versions and fixes should be checked per issue against the referenced ICS-CERT advisory (ICSA-10-314-01A). ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: ClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA44955
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44955
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/44955/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44955/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44955
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in ClearSCADA, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
The vulnerabilities are reported the following products: * ClearSCADA 2005 (all versions) * ClearSCADA 2007 (all versions) * ClearSCADA 2009 (all versions except R2.3 and R1.4)
SOLUTION: Update to a fixed version. Please see the CERT advisory for more information.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Digital Bond.
ORIGINAL ADVISORY: Digital Bond: http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/ http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/
US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201108-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.2,
"vendor": "clearscada",
"version": "2005/2007/2009"
},
{
"model": "scx 68",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "r3.9"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2005"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2007"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2009"
},
{
"model": "scx 67",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "r4.5"
},
{
"model": "clearscada 2005",
"scope": null,
"trust": 0.8,
"vendor": "control microsystems",
"version": null
},
{
"model": "clearscada 2007",
"scope": null,
"trust": 0.8,
"vendor": "control microsystems",
"version": null
},
{
"model": "clearscada 2009",
"scope": "lt",
"trust": 0.8,
"vendor": "control microsystems",
"version": "r1.4"
},
{
"model": "clearscada 2009",
"scope": "lt",
"trust": 0.8,
"vendor": "control microsystems",
"version": "r2.3"
},
{
"model": "scx",
"scope": "lt",
"trust": 0.8,
"vendor": "serck control",
"version": "67 r4.5"
},
{
"model": "scx",
"scope": "lt",
"trust": 0.8,
"vendor": "serck control",
"version": "68 r3.9"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "2.1"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "2.0"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "1.3"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "1.0"
},
{
"model": "clearscada 2007",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "1.2"
},
{
"model": "clearscada 2007",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "1.4"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "1.1"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "2.2"
},
{
"model": "clearscada 2007",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "1.3"
},
{
"model": "clearscada 2009",
"scope": "eq",
"trust": 0.6,
"vendor": "controlmicrosystems",
"version": "1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2005/2007/2009"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20091.2.2"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20092.2"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20092.1"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20092.0"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20091.3"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20091.1"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20091.0"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20071.2.2"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20071.4"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20071.3"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20071.1"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20071.0"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20070.2"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20070.1"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20070"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20051.0"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.3,
"vendor": "controlmicrosystems",
"version": "20050"
}
],
"sources": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "BID",
"id": "73823"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3144"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "73823"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3144",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-3144",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "27070a74-1f92-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-51089",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3144",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201108-287",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-51089",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-51089"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The ClearSCADA application has a post-release usage error, sending a long string can trigger a heap-based buffer overflow, and successfully exploiting the vulnerability can execute arbitrary code in the application context. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA has a cross-site scripting vulnerability. Some unspecified input lacks filtering before returning users. Attackers can exploit vulnerabilities for cross-site scripting attacks to obtain sensitive information or hijack user sessions. ClearSCADA The application has a use error after release. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. 
\nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44955\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44955/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44955/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44955/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in ClearSCADA, which can be\nexploited by malicious people to conduct cross-site scripting attacks\nand compromise a vulnerable system. \n\nThe vulnerabilities are reported the following products:\n* ClearSCADA 2005 (all versions)\n* ClearSCADA 2007 (all versions)\n* ClearSCADA 2009 (all versions except R2.3 and R1.4)\n\nSOLUTION:\nUpdate to a fixed version. Please see the CERT advisory for more\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Digital Bond. 
\n\nORIGINAL ADVISORY:\nDigital Bond:\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/\n\nUS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "BID",
"id": "73823"
},
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-51089"
},
{
"db": "PACKETSTORM",
"id": "102344"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "44955",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-10-314-01A",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSA-10-314-01",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2011-3144",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "72987",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2011-2309",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-2308",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201108-287",
"trust": 0.7
},
{
"db": "BID",
"id": "73823",
"trust": 0.4
},
{
"db": "IVD",
"id": "27070A74-1F92-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "28D182C6-1F92-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-51089",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102344",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51089"
},
{
"db": "BID",
"id": "73823"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"db": "PACKETSTORM",
"id": "102344"
},
{
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
]
},
"id": "VAR-201108-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51089"
}
],
"trust": 0.16999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
}
]
},
"last_update_date": "2023-12-18T13:40:09.894000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.clearscada.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.serck-controls.com/"
},
{
"title": "Patch for ClearSCADA Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4144"
},
{
"title": "Patch for ClearSCADA Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4145"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51089"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"db": "NVD",
"id": "CVE-2011-3144"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01a.pdf"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01.pdf"
},
{
"trust": 2.1,
"url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/72987"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44955"
},
{
"trust": 1.3,
"url": "http://secunia.com/advisories/44955/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3144"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3144"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44955/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://conference.first.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51089"
},
{
"db": "BID",
"id": "73823"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"db": "PACKETSTORM",
"id": "102344"
},
{
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"db": "VULHUB",
"id": "VHN-51089"
},
{
"db": "BID",
"id": "73823"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"db": "PACKETSTORM",
"id": "102344"
},
{
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-17T00:00:00",
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"date": "2011-06-17T00:00:00",
"db": "IVD",
"id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
},
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"date": "2011-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-51089"
},
{
"date": "2011-08-16T00:00:00",
"db": "BID",
"id": "73823"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"date": "2011-06-16T10:28:00",
"db": "PACKETSTORM",
"id": "102344"
},
{
"date": "2011-08-16T21:55:01.427000",
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"date": "2011-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2309"
},
{
"date": "2011-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2308"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-51089"
},
{
"date": "2011-08-16T00:00:00",
"db": "BID",
"id": "73823"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003496"
},
{
"date": "2018-12-31T14:23:16.200000",
"db": "NVD",
"id": "CVE-2011-3144"
},
{
"date": "2011-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClearSCADA Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "27070a74-1f92-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2309"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "102344"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-287"
}
],
"trust": 0.7
}
}
VAR-201403-0444
Vulnerability from variot - Updated: 2023-12-18 13:29
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in its parsing of project files. Exploitation requires that the "PLC Driver" be installed. Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094
Note: this text combines the descriptions published by several source databases, which is why the stated impact ranges from denial of service (application crash) to arbitrary code execution.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0444",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "aveva",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2 (build 71.4165)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2.1 (build 71.4325)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2013"
},
{
"model": "electric clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2013"
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Brooks",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "BID",
"id": "65476"
}
],
"trust": 1.0
},
"cve": "CVE-2014-0779",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0779",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01024",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "285fdc02-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0779",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2014-0779",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01024",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-250",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \"PLC Driver\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68272"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0779",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-072-01",
"trust": 2.5
},
{
"db": "BID",
"id": "65476",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01024",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1876",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-059",
"trust": 0.7
},
{
"db": "IVD",
"id": "285FDC02-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68272",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"id": "VAR-201403-0444",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
}
]
},
"last_update_date": "2023-12-18T13:29:46.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD 2014-024-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0779"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0779"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/65476"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"date": "2014-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-68272"
},
{
"date": "2014-01-24T00:00:00",
"db": "BID",
"id": "65476"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"date": "2014-03-14T10:55:05.803000",
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-68272"
},
{
"date": "2015-03-19T09:33:00",
"db": "BID",
"id": "65476"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"date": "2018-12-31T14:23:16.887000",
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA of Kepware KepServerEX 4 Component ServerMain.exe Inside PLC Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
],
"trust": 0.8
}
}
VAR-201805-0210
Vulnerability from variot - Updated: 2023-12-18 13:13
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA contains an input validation vulnerability. A service operation interruption (DoS) is possible. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and previous versions
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2015"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1.1 (build 75.5387)"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2015 r1 (build 76.5648)"
},
{
"model": "clearscada",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2015 r2 (build 77.5882)"
},
{
"model": "electric clearscada",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2014"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2015"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201072.4560"
},
{
"model": "clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201071.4325"
},
{
"model": "clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201071.4165"
},
{
"model": "clearscada r3.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201577.58"
},
{
"model": "clearscada r1 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201576.56"
},
{
"model": "clearscada r1.1 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201475."
},
{
"model": "clearscada r1 (build",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201475.52"
},
{
"model": "clearscada r1.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r1.1a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r2 hotfix build",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2015"
},
{
"model": "clearscada r1.1 sp (build",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2015"
},
{
"model": "clearscada r1.1 hotfix bui",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2014:r1.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2014:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2010",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2015:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2010",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2015:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6021"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov and Vladimir Dashchenko of Kaspersky Lab's Critical Infrastructure Defense Team",
"sources": [
{
"db": "BID",
"id": "96768"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6021",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03833",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "02487795-6c68-4ccc-a502-44cc37dedf09",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114224",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6021",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6021",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-03833",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-591",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114224",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA contains an input validation vulnerability. The service may be put into an interrupted (DoS) state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. ClearSCADA is also an important part of telemetry and remote SCADA system solutions used to manage critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "VULHUB",
"id": "VHN-114224"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6021",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-068-01",
"trust": 2.8
},
{
"db": "BID",
"id": "96768",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-03833",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "36057",
"trust": 0.6
},
{
"db": "IVD",
"id": "02487795-6C68-4CCC-A502-44CC37DEDF09",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114224",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"id": "VAR-201805-0210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
}
],
"trust": 1.7055555666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
}
]
},
"last_update_date": "2023-12-18T13:13:54.162000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-060-01",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_name=sevd-2017-060-01+scada+expert+clearscada.pdf\u0026p_doc_ref=sevd-2017-060-01"
},
{
"title": "Schneider Electric ClearSCADA Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91450"
},
{
"title": "Schneider Electric ClearSCADA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99646"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-068-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96768"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6021"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6021"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36057"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"db": "VULHUB",
"id": "VHN-114224"
},
{
"db": "BID",
"id": "96768"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-114224"
},
{
"date": "2017-03-09T00:00:00",
"db": "BID",
"id": "96768"
},
{
"date": "2018-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"date": "2018-05-14T14:29:00.193000",
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03833"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114224"
},
{
"date": "2017-03-16T00:02:00",
"db": "BID",
"id": "96768"
},
{
"date": "2018-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013462"
},
{
"date": "2019-10-09T23:28:34.323000",
"db": "NVD",
"id": "CVE-2017-6021"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNVD",
"id": "CNVD-2017-03833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "02487795-6c68-4ccc-a502-44cc37dedf09"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-591"
}
],
"trust": 0.8
}
}
FKIE_CVE-2017-6021
Vulnerability from fkie_nvd - Published: 2018-05-14 14:29 - Updated: 2024-11-21 03:28

| Source | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/96768 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96768 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01 | Third Party Advisory, US Government Resource | |

| Vendor | Product | Version | |
|---|---|---|---|
| aveva | clearscada | * | |
| schneider-electric | clearscada | 2014 | |
| schneider-electric | clearscada | 2014 | |
| aveva | clearscada | * | |
| schneider-electric | clearscada | 2015 | |
| schneider-electric | clearscada | 2015 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B",
"versionEndIncluding": "2010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:clearscada:2014:r1:*:*:*:*:*:*",
"matchCriteriaId": "441BA0DB-0BF8-4CDC-9715-9E5227954061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:clearscada:2014:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "CB2497FA-9965-4C1A-B9F8-34FC76F0A552",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B",
"versionEndIncluding": "2010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:clearscada:2015:r1:*:*:*:*:*:*",
"matchCriteriaId": "AFE9EABB-597E-4198-9C2D-3886A969483D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:clearscada:2015:r2:*:*:*:*:*:*",
"matchCriteriaId": "23FD329C-7118-44C1-8BE2-EED715564C2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "En Schneider Electric ClearSCADA 2014 R1 (build 75.5210) y anteriores, 2014 R1.1 (build 75.5387) y anteriores, 2015 R1 (build 76.5648) y anteriores y 2015 R2 (build 77.5882) y anteriores, un atacante con acceso de red al servidor ClearSCADA puede enviar secuencias de comandos especialmente manipuladas y paquetes de datos al servidor ClearSCADA que pueden provocar que el proceso del servidor ClearSCADA y los procesos del controlador de comunicaciones ClearSCADA finalicen. Se ha calculado una puntuaci\u00f3n base de CVSS v3 de 7.5; la cadena de vector CVSS es (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2017-6021",
"lastModified": "2024-11-21T03:28:55.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-14T14:29:00.193",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96768"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9962
Vulnerability from fkie_nvd - Published: 2017-09-26 01:29 - Updated: 2025-04-20 01:37

| Source | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/ | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/ | Mitigation, Vendor Advisory | |

| Vendor | Product | Version | |
|---|---|---|---|
| aveva | clearscada | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B",
"versionEndIncluding": "2010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
},
{
"lang": "es",
"value": "Las versiones anteriores a agosto 2017 de ClearSCADA de Schneider Electric son susceptibles a una vulnerabilidad de asignaci\u00f3n de memoria en la que se podr\u00edan enviar peticiones mal formadas a las aplicaciones cliente de ClearSCADA para provocar un comportamiento inesperado. Las aplicaciones cliente afectadas son ViewX y el icono de servidor."
}
],
"id": "CVE-2017-9962",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-26T01:29:04.037",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-5413
Vulnerability from fkie_nvd - Published: 2014-09-18 10:55 - Updated: 2025-11-04 23:15

| Vendor | Product | Version | |
|---|---|---|---|
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| schneider-electric | scada_expert_clearscada | 2013 | |
| schneider-electric | scada_expert_clearscada | 2014 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
},
{
"lang": "es",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 hasta 2014 R1 utiliza el algoritmo MD5 para certificados X.509, lo cual facilita a atacantes remotos falsificar servidores a trav\u00e9s de ataques criptogr\u00e1ficos contra este algoritmo"
}
],
"id": "CVE-2014-5413",
"lastModified": "2025-11-04T23:15:33.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-18T10:55:11.733",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-5411
Vulnerability from fkie_nvd - Published: 2014-09-18 10:55 - Updated: 2025-11-04 23:15

| Vendor | Product | Version | |
|---|---|---|---|
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| schneider-electric | scada_expert_clearscada | 2013 | |
| schneider-electric | scada_expert_clearscada | 2014 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 hasta 2014 R1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-5411",
"lastModified": "2025-11-04T23:15:33.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": true
},
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-18T10:55:11.640",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-5412
Vulnerability from fkie_nvd - Published: 2014-09-18 10:55 - Updated: 2025-11-04 23:15

| Vendor | Product | Version | |
|---|---|---|---|
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| schneider-electric | scada_expert_clearscada | 2013 | |
| schneider-electric | scada_expert_clearscada | 2014 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
"matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
},
{
"lang": "es",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA versiones desde 2010 R3 hasta 2014 R1 permite a atacantes remotos leer registros de la base de datos a trav\u00e9s del acceso con la cuenta de invitado."
}
],
"id": "CVE-2014-5412",
"lastModified": "2025-11-04T23:15:33.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-18T10:55:11.687",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-0779
Vulnerability from fkie_nvd - Published: 2014-03-14 10:55 - Updated: 2025-09-24 22:15

| Vendor | Product | Version | |
|---|---|---|---|
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
"matchCriteriaId": "0A01B1BA-9515-40F7-A3CF-83D387868470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "EAC05F7C-4F5B-4045-ACFD-1239AEAED3C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
},
{
"lang": "es",
"value": "El controlador PLC en ServerMain.exe en el componente Kepware KepServerEX 4 en Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955 y 2013 R2 build 74.5094 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo OPF manipulado (tambi\u00e9n conocido como archivo de proyecto)."
}
],
"id": "CVE-2014-0779",
"lastModified": "2025-09-24T22:15:35.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": true
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T10:55:05.803",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2013-6142
Vulnerability from fkie_nvd - Published: 2014-01-15 16:11 - Updated: 2025-04-11 00:51

| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01 | US Government Resource |

| Vendor | Product | Version | |
|---|---|---|---|
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2010 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 | |
| aveva | clearscada | 2013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
"matchCriteriaId": "0A01B1BA-9515-40F7-A3CF-83D387868470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "EAC05F7C-4F5B-4045-ACFD-1239AEAED3C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
"matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
"matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
"matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
},
{
"lang": "es",
"value": "DNP3Driver.exe en el controlador DNP3 en Schneider Electric ClearSCADA 2010 R2 hasta 2010 R3.1 y SCADA Expert ClearSCADA 2013 R1 a 2013 R1.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de paquetes IP que contienen errores que desencadenan mensajes event-journal"
}
],
"id": "CVE-2013-6142",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-15T16:11:08.363",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-6021 (GCVE-0-2017-6021)
Vulnerability from cvelistv5 – Published: 2018-05-14 14:00 – Updated: 2024-09-16 22:56

- CWE-20 - IMPROPER INPUT VALIDATION CWE-20

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric SE | ClearSCADA | Affected: 2014 R1 (build 75.5210) and prior<br>Affected: 2014 R1.1 (build 75.5387) and prior<br>Affected: 2015 R1 (build 76.5648) and prior<br>Affected: 2015 R2 (build 77.5882) and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96768",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearSCADA",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "2014 R1 (build 75.5210) and prior"
},
{
"status": "affected",
"version": "2014 R1.1 (build 75.5387) and prior"
},
{
"status": "affected",
"version": "2015 R1 (build 76.5648) and prior"
},
{
"status": "affected",
"version": "2015 R2 (build 77.5882) and prior"
}
]
}
],
"datePublic": "2017-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "IMPROPER INPUT VALIDATION CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-15T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "96768",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-03-09T00:00:00",
"ID": "CVE-2017-6021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearSCADA",
"version": {
"version_data": [
{
"version_value": "2014 R1 (build 75.5210) and prior"
},
{
"version_value": "2014 R1.1 (build 75.5387) and prior"
},
{
"version_value": "2015 R1 (build 76.5648) and prior"
},
{
"version_value": "2015 R2 (build 77.5882) and prior"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96768"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6021",
"datePublished": "2018-05-14T14:00:00Z",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-09-16T22:56:53.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9962 (GCVE-0-2017-9962)
Vulnerability from cvelistv5 – Published: 2017-09-25 19:00 – Updated: 2024-09-16 19:15

- Memory Allocation

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric SE | ClearSCADA | Affected: 2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearSCADA",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions"
}
]
}
],
"datePublic": "2013-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Allocation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-25T18:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2013-11-21T00:00:00",
"ID": "CVE-2017-9962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearSCADA",
"version": {
"version_data": [
{
"version_value": "2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Allocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-9962",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-06-26T00:00:00",
"dateUpdated": "2024-09-16T19:15:45.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5412 (GCVE-0-2014-5412)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:56

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R3 (build 72.4560)<br>Affected: 2010 R3.1 (build 72.4644)<br>Unaffected: 2010 R3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:56:12.970Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5412",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:56:12.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5411 (GCVE-0-2014-5411)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:53

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R3 (build 72.4560)<br>Affected: 2010 R3.1 (build 72.4644)<br>Unaffected: 2010 R3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:53:17.900Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5411",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:53:17.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5413 (GCVE-0-2014-5413)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:59

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R3 (build 72.4560); Affected: 2010 R3.1 (build 72.4644); Unaffected: 2010 R3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:59:00.297Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAsset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\u003c/p\u003e\n\u003cp\u003eTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Asset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\n\n\nTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5413",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:59:00.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-0779 (GCVE-0-2014-0779)
Vulnerability from cvelistv5 – Published: 2014-03-14 10:00 – Updated: 2025-09-24 21:33

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R2 (build 71.4165); Affected: 2010 R2.1 (build 71.4325); Affected: 2010 R3 (build 72.4560); Affected: 2010 R3.1 (build 72.4644) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R2 (build 71.4165)"
},
{
"status": "affected",
"version": "2010 R2.1 (build 71.4325)"
},
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-03-13T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).\u003c/p\u003e"
}
],
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T21:33:37.552Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric recommends that customers using the vulnerable product versions to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\u003c/li\u003e\n\u003cli\u003eGuidance and assistance is available from Schneider Electric Technical Application Support at:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/\"\u003ehttp://products.schneider-electric.us/products-services/services/automation-and-control-services/tel...\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eKepware has confirmed this vulnerability is not present in KepServerEX V5.\u003c/p\u003e\n\u003cp\u003eThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric recommends that customers using the vulnerable product versions to:\n\n\n\n * Uninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\n\n * Guidance and assistance is available from Schneider Electric Technical Application Support at:\n\n\n\n\n http://products.schneider-electric.us/products-services/services/automation-and-control-services/tel... http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/ .\n\n\nKepware has confirmed this vulnerability is not present in KepServerEX V5.\n\n\nThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01 ."
}
],
"source": {
"advisory": "ICSA-14-072-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0779",
"datePublished": "2014-03-14T10:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-24T21:33:37.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6142 (GCVE-0-2013-6142)
Vulnerability from cvelistv5 – Published: 2014-01-15 15:00 – Updated: 2024-08-06 17:29

- n/a

| URL | Tags |
|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-15T15:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-6142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-6142",
"datePublished": "2014-01-15T15:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6021 (GCVE-0-2017-6021)
Vulnerability from nvd – Published: 2018-05-14 14:00 – Updated: 2024-09-16 22:56

- CWE-20 - IMPROPER INPUT VALIDATION CWE-20

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric SE | ClearSCADA | Affected: 2014 R1 (build 75.5210) and prior; Affected: 2014 R1.1 (build 75.5387) and prior; Affected: 2015 R1 (build 76.5648) and prior; Affected: 2015 R2 (build 77.5882) and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96768",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearSCADA",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "2014 R1 (build 75.5210) and prior"
},
{
"status": "affected",
"version": "2014 R1.1 (build 75.5387) and prior"
},
{
"status": "affected",
"version": "2015 R1 (build 76.5648) and prior"
},
{
"status": "affected",
"version": "2015 R2 (build 77.5882) and prior"
}
]
}
],
"datePublic": "2017-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "IMPROPER INPUT VALIDATION CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-15T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "96768",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-03-09T00:00:00",
"ID": "CVE-2017-6021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearSCADA",
"version": {
"version_data": [
{
"version_value": "2014 R1 (build 75.5210) and prior"
},
{
"version_value": "2014 R1.1 (build 75.5387) and prior"
},
{
"version_value": "2015 R1 (build 76.5648) and prior"
},
{
"version_value": "2015 R2 (build 77.5882) and prior"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96768"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6021",
"datePublished": "2018-05-14T14:00:00Z",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-09-16T22:56:53.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9962 (GCVE-0-2017-9962)
Vulnerability from nvd – Published: 2017-09-25 19:00 – Updated: 2024-09-16 19:15

- Memory Allocation

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric SE | ClearSCADA | Affected: 2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearSCADA",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions"
}
]
}
],
"datePublic": "2013-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Allocation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-25T18:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2013-11-21T00:00:00",
"ID": "CVE-2017-9962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearSCADA",
"version": {
"version_data": [
{
"version_value": "2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Allocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-9962",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-06-26T00:00:00",
"dateUpdated": "2024-09-16T19:15:45.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5412 (GCVE-0-2014-5412)
Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:56

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R3 (build 72.4560); Affected: 2010 R3.1 (build 72.4644); Unaffected: 2010 R3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:56:12.970Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5412",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:56:12.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5411 (GCVE-0-2014-5411)
Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:53

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R3 (build 72.4560)<br>Affected: 2010 R3.1 (build 72.4644)<br>Unaffected: 2010 R3.2 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:53:17.900Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. 
To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5411",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:53:17.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5413 (GCVE-0-2014-5413)
Vulnerability from nvd – Published: 2014-09-18 10:00 – Updated: 2025-11-04 22:59

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R3 (build 72.4560)<br>Affected: 2010 R3.1 (build 72.4644)<br>Unaffected: 2010 R3.2 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:59:00.297Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAsset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\u003c/p\u003e\n\u003cp\u003eTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Asset owners should always obtain a signed web certificate from a \ncertified authority before deploying ClearSCADA Web Server in a \nproduction environment.\n\n\nTo assist asset owners who are currently using self-signed \ncertificates, a standalone utility will be made available that can be \nused to generate and deploy a new self-signed certificate (signed using \nan SHA signing algorithm). This utility is recommended for existing \nClearSCADA systems subject to this vulnerability, removing the need to \nupgrade the ClearSCADA software and perform a manual generation of a new\n certificate. This utility will be made available within the Software \nDownloads section of the following ClearSCADA Resource Center page:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5413",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:59:00.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-0779 (GCVE-0-2014-0779)
Vulnerability from nvd – Published: 2014-03-14 10:00 – Updated: 2025-09-24 21:33

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | ClearSCADA | Affected: 2010 R2 (build 71.4165)<br>Affected: 2010 R2.1 (build 71.4325)<br>Affected: 2010 R3 (build 72.4560)<br>Affected: 2010 R3.1 (build 72.4644) |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R2 (build 71.4165)"
},
{
"status": "affected",
"version": "2010 R2.1 (build 71.4325)"
},
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-03-13T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).\u003c/p\u003e"
}
],
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T21:33:37.552Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric recommends that customers using the vulnerable product versions to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\u003c/li\u003e\n\u003cli\u003eGuidance and assistance is available from Schneider Electric Technical Application Support at:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/\"\u003ehttp://products.schneider-electric.us/products-services/services/automation-and-control-services/tel...\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eKepware has confirmed this vulnerability is not present in KepServerEX V5.\u003c/p\u003e\n\u003cp\u003eThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric recommends that customers using the vulnerable product versions to:\n\n\n\n * Uninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\n\n * Guidance and assistance is available from Schneider Electric Technical Application Support at:\n\n\n\n\n http://products.schneider-electric.us/products-services/services/automation-and-control-services/tel... http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/ .\n\n\nKepware has confirmed this vulnerability is not present in KepServerEX V5.\n\n\nThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01 ."
}
],
"source": {
"advisory": "ICSA-14-072-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0779",
"datePublished": "2014-03-14T10:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-24T21:33:37.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6142 (GCVE-0-2013-6142)
Vulnerability from nvd – Published: 2014-01-15 15:00 – Updated: 2024-08-06 17:29
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-15T15:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-6142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-6142",
"datePublished": "2014-01-15T15:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}