Vulnerabilites related to Schneider Electric - EcoStruxure Geo SCADA Expert 2020
var-202202-0240
Vulnerability from variot
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"cve": "CVE-2022-24318",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-24318",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-413999",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24318",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24318",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24318",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24318",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-920",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413999",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24318"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "VULHUB",
"id": "VHN-413999"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24318",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-413999",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"id": "VAR-202202-0240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
}
],
"trust": 0.7287037
},
"last_update_date": "2024-11-23T22:44:05.161000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2022-039-05",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"
},
{
"title": "EcoStruxure Geo SCADA Expert Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182725"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24318"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413999"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
},
{
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-413999"
},
{
"date": "2023-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-920"
},
{
"date": "2022-02-09T23:15:20.037000",
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-413999"
},
{
"date": "2023-05-26T09:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-005332"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-920"
},
{
"date": "2024-11-21T06:50:09.630000",
"db": "NVD",
"id": "CVE-2022-24318"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability related to encryption strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-920"
}
],
"trust": 0.6
}
}
var-202302-1810
Vulnerability from variot
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)
. Schneider Electric of ClearSCADA and EcoStruxure Geo SCADA Expert 2019 contains a vulnerability related to improper logging disablement.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1810",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8218.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7936.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8108.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7980.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7522.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8017.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8155.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8267.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7896.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7840.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7808.2"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7714.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8197.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7322.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8221.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8182.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7613.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7936.2"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7429.2"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7787.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7913.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7980.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8108.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8108.2"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7717.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7641.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7268.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8220.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8155.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7457.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7551.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8197.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8269.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7840.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7875.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7809.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8172.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8120.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8197.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8122.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8027.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7488.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8015.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7692.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7690.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7545.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8267.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7777.1"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7613.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7742.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8122.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7875.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7742.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8181.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7641.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8158.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"cve": "CVE-2023-0595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-0595",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-0595",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-0595",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2023-0595",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-0595",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1985",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\n\n. Schneider Electric of ClearSCADA and EcoStruxure Geo SCADA Expert 2019 contains a vulnerability related to improper logging disablement.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-0595",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2023-045-01",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-453650",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-0595",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"id": "VAR-202302-1810",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
}
],
"trust": 0.7287037
},
"last_update_date": "2024-08-14T15:11:01.255000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EcoStruxure Geo SCADA Expert Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=227643"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-116",
"trust": 1.1
},
{
"problemtype": "CWE-117",
"trust": 1.1
},
{
"problemtype": "Disabling inappropriate logging (CWE-117) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-045-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-045-01.pdf"
},
{
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2023-045-01/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0595"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-0595/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/117.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-453650"
},
{
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
},
{
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-453650"
},
{
"date": "2023-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"date": "2023-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"date": "2023-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1985"
},
{
"date": "2023-02-24T11:15:10.643000",
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-453650"
},
{
"date": "2023-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0595"
},
{
"date": "2023-10-31T02:03:00",
"db": "JVNDB",
"id": "JVNDB-2023-004517"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1985"
},
{
"date": "2023-04-18T21:15:07.723000",
"db": "NVD",
"id": "CVE-2023-0595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider\u00a0Electric\u00a0 of \u00a0ClearSCADA\u00a0 and \u00a0EcoStruxure\u00a0Geo\u00a0SCADA\u00a0Expert\u00a02019\u00a0 Vulnerability related to improper log output disabling in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004517"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1985"
}
],
"trust": 0.6
}
}
var-202105-0419
Vulnerability from variot
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes. Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) is a set of data acquisition and monitoring software (SCADA) of French Schneider Electric (Schneider Electric)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0419",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7742.1"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "83.7742.1 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"cve": "CVE-2021-22741",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22741",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-381215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2021-22741",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22741",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22741",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-22741",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1735",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-381215",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that \u201c.sde\u201d configuration export files do not contain user account password hashes. Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) is a set of data acquisition and monitoring software (SCADA) of French Schneider Electric (Schneider Electric)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22741"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "VULHUB",
"id": "VHN-381215"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22741",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2021-130-07",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-381215",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"id": "VAR-202105-0419",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
}
],
"trust": 0.7287037
},
"last_update_date": "2024-08-14T15:22:18.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2021-130-07",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-07"
},
{
"title": "Schneider Electric EcoStruxure Geo SCADA Expert Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152844"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-916",
"trust": 1.1
},
{
"problemtype": "Using weak password hashes (CWE-916) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-07"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22741\u00a5"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
},
{
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-381215"
},
{
"date": "2022-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1735"
},
{
"date": "2021-05-26T20:15:09.253000",
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-381215"
},
{
"date": "2022-02-10T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-007428"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1735"
},
{
"date": "2021-06-07T17:10:01.570000",
"db": "NVD",
"id": "CVE-2021-22741"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability in the use of inadequately strong password hashes in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007428"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1735"
}
],
"trust": 0.6
}
}
var-202202-0239
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0239",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"cve": "CVE-2022-24321",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-24321",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-414002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24321",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-24321",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24321",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24321",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-921",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414002",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24321"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "VULHUB",
"id": "VHN-414002"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24321",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414002",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"id": "VAR-202202-0239",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
}
],
"trust": 0.7287037
},
"last_update_date": "2024-11-23T22:44:05.135000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2022-039-05",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"
},
{
"title": "EcoStruxure Geo SCADA Expert Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182516"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.1
},
{
"problemtype": "Improper checking in exceptional conditions (CWE-754) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24321"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414002"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
},
{
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-414002"
},
{
"date": "2023-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-921"
},
{
"date": "2022-02-09T23:15:20.180000",
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-414002"
},
{
"date": "2023-05-19T06:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-005146"
},
{
"date": "2022-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-921"
},
{
"date": "2024-11-21T06:50:09.953000",
"db": "NVD",
"id": "CVE-2022-24321"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Product Exceptional State Check Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005146"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-921"
}
],
"trust": 0.6
}
}
var-202202-0241
Vulnerability from variot
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"cve": "CVE-2022-24320",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-24320",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414001",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-24320",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24320",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24320",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-24320",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-919",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-414001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "VULHUB",
"id": "VHN-414001"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24320",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414001",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"id": "VAR-202202-0241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
}
],
"trust": 0.7287037
},
"last_update_date": "2024-11-23T22:44:05.185000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2022-039-05",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"
},
{
"title": "EcoStruxure Geo SCADA Expert Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182227"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0019/mndt-2022-0019.md"
},
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24320"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414001"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
},
{
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-414001"
},
{
"date": "2023-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-919"
},
{
"date": "2022-02-09T23:15:20.133000",
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-414001"
},
{
"date": "2023-05-19T06:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-005145"
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-919"
},
{
"date": "2024-11-21T06:50:09.847000",
"db": "NVD",
"id": "CVE-2022-24320"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability related to certificate validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005145"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-919"
}
],
"trust": 0.6
}
}
var-202202-0238
Vulnerability from variot
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0238",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"cve": "CVE-2022-24319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-24319",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414000",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-24319",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24319",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-918",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-414000",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24319"
},
{
"db": "VULHUB",
"id": "VHN-414000"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24319",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-05",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414000",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"id": "VAR-202202-0238",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
}
],
"trust": 0.7287037
},
"last_update_date": "2024-11-23T22:44:05.210000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EcoStruxure Geo SCADA Expert Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182226"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0018/mndt-2022-0018.md"
},
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-05"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24319"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414000"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
},
{
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-414000"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-918"
},
{
"date": "2022-02-09T23:15:20.087000",
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-414000"
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-918"
},
{
"date": "2024-11-21T06:50:09.737000",
"db": "NVD",
"id": "CVE-2022-24319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EcoStruxure Geo SCADA Expert Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-918"
}
],
"trust": 0.6
}
}
var-202301-2353
Vulnerability from variot
A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Geo SCADA An unspecified vulnerability exists in the server.Service operation interruption (DoS) It may be in a state. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-2353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8218.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7936.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8108.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7980.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7522.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8017.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8155.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8267.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7896.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7840.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7714.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7808.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8197.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7322.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8182.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7613.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7936.2"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7429.2"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7787.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7913.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7980.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8108.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8108.2"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7717.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7641.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7268.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8220.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8155.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7457.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7551.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8197.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8269.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7840.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7875.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7809.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8172.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8120.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8197.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8122.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8027.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7488.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8015.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7692.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7690.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7545.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8267.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7777.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7613.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7742.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8181.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8122.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7875.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7742.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8221.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7641.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8158.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"cve": "CVE-2023-22610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-22610",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-22610",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-22610",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-22610",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2023-22610",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-22610",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-2427",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2427"
},
{
"db": "NVD",
"id": "CVE-2023-22610"
},
{
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nA CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of\nService against the Geo SCADA server when specific messages are sent to the server over the\ndatabase server TCP port. Geo SCADA An unspecified vulnerability exists in the server.Service operation interruption (DoS) It may be in a state. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "VULMON",
"id": "CVE-2023-22610"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22610",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2023-010-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002975",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2427",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-22610",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-22610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2427"
},
{
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"id": "VAR-202301-2353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6287037
},
"last_update_date": "2024-08-14T14:24:17.724000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2023-010-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
},
{
"title": "EcoStruxure Geo SCADA Expert Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224263"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2427"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-010-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-010-02_geo_scada_security_notification.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22610"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2023-010-02/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-22610/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/285.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-22610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2427"
},
{
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-22610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2427"
},
{
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-31T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22610"
},
{
"date": "2023-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"date": "2023-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2427"
},
{
"date": "2023-01-31T17:15:08.827000",
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22610"
},
{
"date": "2023-08-28T05:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-002975"
},
{
"date": "2023-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2427"
},
{
"date": "2023-06-14T08:15:08.860000",
"db": "NVD",
"id": "CVE-2023-22610"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2427"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geo\u00a0SCADA\u00a0 Vulnerabilities in the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002975"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2427"
}
],
"trust": 0.6
}
}
var-202012-0819
Vulnerability from variot
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. EcoStruxure Geo SCADA Expert 2019 and 2020 Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0819",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7268.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7578.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7551.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "original release monthly updates to september 2020, to 83.7551.1 to 83.7578.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"cve": "CVE-2020-28219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-28219",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-28219",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-28219",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-28219",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-28219",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-937",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-937"
},
{
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. EcoStruxure Geo SCADA Expert 2019 and 2020 Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28219"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28219",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-343-02",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014611",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-937",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-937"
},
{
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"id": "VAR-202012-0819",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6287037
},
"last_update_date": "2024-11-23T22:47:48.423000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-343-02",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-02/"
},
{
"title": "Schneider Electric EcoStruxure Geo SCADA Expert Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137442"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-937"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-343-02/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28219"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-937"
},
{
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-937"
},
{
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"date": "2020-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-937"
},
{
"date": "2020-12-11T01:15:11.860000",
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-26T06:08:00",
"db": "JVNDB",
"id": "JVNDB-2020-014611"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-937"
},
{
"date": "2024-11-21T05:22:29.843000",
"db": "NVD",
"id": "CVE-2020-28219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-937"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EcoStruxure\u00a0Geo\u00a0SCADA\u00a0Expert\u00a02019\u00a0 and \u00a02020\u00a0 Vulnerability regarding inadequate protection of credentials in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014611"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-937"
}
],
"trust": 0.6
}
}
var-202301-2352
Vulnerability from variot
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022). EcoStruxure Geo SCADA Expert 2019 from 2021 ( old name ClearSCADA) Exists in unspecified vulnerabilities.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-2352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8218.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7936.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8108.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7980.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7522.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8017.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8155.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8267.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7896.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7840.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7714.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7808.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8197.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7322.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8182.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7613.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7936.2"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7429.2"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7787.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7913.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7980.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8108.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8108.2"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7717.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7641.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7268.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8220.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8155.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7457.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7551.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8197.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8269.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7840.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7875.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7809.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8172.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8120.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8197.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8122.2"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8027.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7488.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8015.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7692.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7690.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7545.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7578.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8267.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7777.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7613.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7742.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8181.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.8122.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7875.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.7742.1"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "83.8221.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "81.7641.1"
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "84.8158.1"
},
{
"model": "ecostruxure geo scada expert 2019",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure geo scada expert 2021",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "october 2022 before that"
},
{
"model": "ecostruxure geo scada expert 2020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"cve": "CVE-2023-22611",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-22611",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002976",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-22611",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2023-22611",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002976",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-2426",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2426"
},
{
"db": "NVD",
"id": "CVE-2023-22611"
},
{
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022). EcoStruxure Geo SCADA Expert 2019 from 2021 ( old name ClearSCADA) Exists in unspecified vulnerabilities.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-22611"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "VULMON",
"id": "CVE-2023-22611"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-22611",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2023-010-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002976",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2426",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-22611",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-22611"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2426"
},
{
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"id": "VAR-202301-2352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6287037
},
"last_update_date": "2024-08-14T14:24:17.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2023-010-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
},
{
"title": "EcoStruxure Geo SCADA Expert Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224262"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2426"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-010-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-010-02_geo_scada_security_notification.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22611"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2023-010-02/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-22611/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-22611"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2426"
},
{
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-22611"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2426"
},
{
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-31T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22611"
},
{
"date": "2023-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"date": "2023-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2426"
},
{
"date": "2023-01-31T17:15:08.927000",
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-22611"
},
{
"date": "2023-08-28T06:02:00",
"db": "JVNDB",
"id": "JVNDB-2023-002976"
},
{
"date": "2023-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2426"
},
{
"date": "2023-02-07T19:56:57.870000",
"db": "NVD",
"id": "CVE-2023-22611"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0EcoStruxure\u00a0Geo\u00a0SCADA\u00a0Expert\u00a0 product \u00a0( old name \u00a0ClearSCADA)\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002976"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2426"
}
],
"trust": 0.6
}
}
CVE-2023-0595 (GCVE-0-2023-0595)
Vulnerability from cvelistv5
Published
2023-02-24 00:00
Modified
2025-02-05 20:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Summary
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Geo SCADA Expert 2019 |
Version: All < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:54:54.186453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:06:14.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2019",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2020",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Geo SCADA Expert 2021",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "October 2022",
"status": "affected",
"version": "All ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ClearSCADA ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\u003c/p\u003e"
}
],
"value": "A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server\u0027s database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:15:26.476Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-0595",
"datePublished": "2023-02-24T00:00:00.000Z",
"dateReserved": "2023-01-31T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:06:14.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}