Ecostruxure Geo Scada Expert 2019
CVE-2023-22611
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
AnalysisAI
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) Affected products include: Schneider-Electric Ecostruxure Geo Scada Expert 2019, Schneider-Electric Ecostruxure Geo Scada Expert 2020, Schneider-Electric Ecostruxure Geo Scada Expert 2021.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original rele
A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxu
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log fi
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today