Skip to main content

Clearscada

8 CVEs product

Monthly

CVE-2023-0595 MEDIUM This Month

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clearscada Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020 Ecostruxure Geo Scada Expert 2021
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-22741 MEDIUM PATCH This Month

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Clearscada Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2017-9962 HIGH This Week

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Clearscada
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2014-5413 MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-5412 MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-5411 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Schneider Electric Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
4.9
EPSS
0.5%
CVE-2014-0779 MEDIUM This Month

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Schneider Electric Buffer Overflow Clearscada
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2013-6142 MEDIUM This Month

DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Schneider Electric Clearscada
NVD
CVSS 2.0
4.3
EPSS
0.6%
EPSS 0% CVSS 5.3
MEDIUM This Month

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clearscada Ecostruxure Geo Scada Expert 2019 +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Clearscada Ecostruxure Geo Scada Expert 2019 +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Clearscada
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Clearscada +1
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Clearscada +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Schneider Electric Clearscada +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Schneider Electric Buffer Overflow +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Schneider Electric Clearscada
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy