Vulnerabilities related to aveva - clearscada
CVE-2014-0779 (GCVE-0-2014-0779)
Vulnerability from cvelistv5
Published
2014-03-14 10:00
Modified
2025-09-24 21:33
Severity ?
CWE
  • CWE-119
Summary
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
Impacted products
Vendor Product Version
Schneider Electric ClearSCADA Version: 2010 R2 (build 71.4165)
Version: 2010 R2.1 (build 71.4325)
Version: 2010 R3 (build 72.4560)
Version: 2010 R3.1 (build 72.4644)
   Schneider Electric SCADA Expert ClearSCADA Version: 2013 R1 (build 73.4729)
Version: 2013 R1.1 (build 73.4832)
Version: 2013 R1.1a (build 73.4903)
Version: 2013 R1.2 (build 73.4955)
Version: 2013 R2 (build 74.5094)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2010 R2 (build 71.4165)"
            },
            {
              "status": "affected",
              "version": "2010 R2.1 (build 71.4325)"
            },
            {
              "status": "affected",
              "version": "2010 R3 (build 72.4560)"
            },
            {
              "status": "affected",
              "version": "2010 R3.1 (build 72.4644)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SCADA Expert ClearSCADA",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "2013 R1 (build 73.4729)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1 (build 73.4832)"
            },
            {
              "status": "affected",
              "version": "2013 R1.1a (build 73.4903)"
            },
            {
              "status": "affected",
              "version": "2013 R1.2 (build 73.4955)"
            },
            {
              "status": "affected",
              "version": "2013 R2 (build 74.5094)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Brooks identified and reported to The Zero Day Initiative (ZDI)"
        }
      ],
      "datePublic": "2014-03-13T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).\u003c/p\u003e"
            }
          ],
          "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T21:33:37.552Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric recommends that customers using the vulnerable product versions to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\u003c/li\u003e\n\u003cli\u003eGuidance and assistance is available from Schneider Electric Technical Application Support at:\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/\"\u003ehttp://products.schneider-electric.us/products-services/services/automation-and-control-services/tel...\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eKepware has confirmed this vulnerability is not present in KepServerEX V5.\u003c/p\u003e\n\u003cp\u003eThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric recommends that customers using the vulnerable product versions to:\n\n\n\n  *  Uninstall the Kepware driver in the vulnerable product versions and migrate to an external installation of KepServerEX V5.\n\n  *  Guidance and assistance is available from Schneider Electric Technical Application Support at:\n\n\n\n\n http://products.schneider-electric.us/products-services/services/automation-and-control-services/tel... http://products.schneider-electric.us/products-services/services/automation-and-control-services/telephone-and-software-support/telephone-support-service/ .\n\n\nKepware has confirmed this vulnerability is not present in KepServerEX V5.\n\n\nThe security announcement affecting the SCADA Expert ClearSCADA File Parsing Vulnerability is available here:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01 ."
        }
      ],
      "source": {
        "advisory": "ICSA-14-072-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0779",
    "datePublished": "2014-03-14T10:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-09-24T21:33:37.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9962 (GCVE-0-2017-9962)
Vulnerability from cvelistv5
Published
2017-09-25 19:00
Modified
2024-09-16 19:15
Severity ?
CWE
  • Memory Allocation
Summary
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.
Impacted products
Vendor Product Version
Schneider Electric SE ClearSCADA Version: 2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:24:59.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ClearSCADA",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions"
            }
          ]
        }
      ],
      "datePublic": "2013-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Allocation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-25T18:57:01",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "DATE_PUBLIC": "2013-11-21T00:00:00",
          "ID": "CVE-2017-9962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ClearSCADA",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Allocation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/",
              "refsource": "CONFIRM",
              "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2017-9962",
    "datePublished": "2017-09-25T19:00:00Z",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-09-16T19:15:45.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3144 (GCVE-0-2011-3144)
Vulnerability from cvelistv5
Published
2011-08-16 21:00
Modified
2024-09-16 20:06
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:22:27.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44955",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44955"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
          },
          {
            "name": "72987",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/72987"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-16T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "44955",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44955"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
        },
        {
          "name": "72987",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/72987"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3144",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44955",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44955"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
            },
            {
              "name": "72987",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/72987"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
            },
            {
              "name": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/",
              "refsource": "MISC",
              "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3144",
    "datePublished": "2011-08-16T21:00:00Z",
    "dateReserved": "2011-08-16T00:00:00Z",
    "dateUpdated": "2024-09-16T20:06:32.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5411 (GCVE-0-2014-5411)
Vulnerability from cvelistv5
Published
2014-09-18 10:00
Modified
2024-08-06 11:41
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-09-18T05:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5411",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2024-08-06T11:41:49.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3143 (GCVE-0-2011-3143)
Vulnerability from cvelistv5
Published
2011-08-16 21:00
Modified
2024-08-06 23:22
Severity ?
CWE
  • n/a
Summary
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:22:27.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "72989",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/72989"
          },
          {
            "name": "44955",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44955"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
          },
          {
            "name": "46312",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46312"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "72989",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/72989"
        },
        {
          "name": "44955",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44955"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
        },
        {
          "name": "46312",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46312"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "72989",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/72989"
            },
            {
              "name": "44955",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44955"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
            },
            {
              "name": "46312",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46312"
            },
            {
              "name": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/",
              "refsource": "MISC",
              "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3143",
    "datePublished": "2011-08-16T21:00:00",
    "dateReserved": "2011-08-16T00:00:00",
    "dateUpdated": "2024-08-06T23:22:27.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5412 (GCVE-0-2014-5412)
Vulnerability from cvelistv5
Published
2014-09-18 10:00
Modified
2024-08-06 11:41
Severity ?
CWE
  • n/a
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-09-18T05:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5412",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5412",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2024-08-06T11:41:49.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6021 (GCVE-0-2017-6021)
Vulnerability from cvelistv5
Published
2018-05-14 14:00
Modified
2024-09-16 22:56
Severity ?
CWE
  • CWE-20 - IMPROPER INPUT VALIDATION
Summary
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
Impacted products
Vendor Product Version
Schneider Electric SE ClearSCADA Version: 2014 R1 (build 75.5210) and prior
Version: 2014 R1.1 (build 75.5387) and prior
Version: 2015 R1 (build 76.5648) and prior
Version: 2015 R2 (build 77.5882) and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96768",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96768"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ClearSCADA",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "2014 R1 (build 75.5210) and prior"
            },
            {
              "status": "affected",
              "version": "2014 R1.1 (build 75.5387) and prior"
            },
            {
              "status": "affected",
              "version": "2015 R1 (build 76.5648) and prior"
            },
            {
              "status": "affected",
              "version": "2015 R2 (build 77.5882) and prior"
            }
          ]
        }
      ],
      "datePublic": "2017-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "IMPROPER INPUT VALIDATION CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-15T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "96768",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96768"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2017-03-09T00:00:00",
          "ID": "CVE-2017-6021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ClearSCADA",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2014 R1 (build 75.5210) and prior"
                          },
                          {
                            "version_value": "2014 R1.1 (build 75.5387) and prior"
                          },
                          {
                            "version_value": "2015 R1 (build 76.5648) and prior"
                          },
                          {
                            "version_value": "2015 R2 (build 77.5882) and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER INPUT VALIDATION CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96768",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96768"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6021",
    "datePublished": "2018-05-14T14:00:00Z",
    "dateReserved": "2017-02-16T00:00:00",
    "dateUpdated": "2024-09-16T22:56:53.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6142 (GCVE-0-2013-6142)
Vulnerability from cvelistv5
Published
2014-01-15 15:00
Modified
2024-08-06 17:29
Severity ?
CWE
  • n/a
Summary
DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:42.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-15T15:57:02",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2013-6142",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2013-6142",
    "datePublished": "2014-01-15T15:00:00",
    "dateReserved": "2013-10-16T00:00:00",
    "dateUpdated": "2024-08-06T17:29:42.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5413 (GCVE-0-2014-5413)
Vulnerability from cvelistv5
Published
2014-09-18 10:00
Modified
2024-08-06 11:41
Severity ?
CWE
  • n/a
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-09-18T05:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5413",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5413",
    "datePublished": "2014-09-18T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2024-08-06T11:41:49.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201401-0246
Vulnerability from variot

DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application and cause a denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of the French company Schneider Electric. ClearSCADA is an open software platform designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is an energy-efficiency management software monitoring platform within StruxureWare SCADA Expert (industrial automation and control system integration software).



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0246",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2 (build 71.4165)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2.1 (build 71.4325)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "electric clearscada r2 r3.1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2010-2010"
      },
      {
        "model": "electric scada expert clearscada r1 r1.2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2013-2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Crain of Automatak and Chris Sistrunk",
    "sources": [
      {
        "db": "BID",
        "id": "64813"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6142",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-6142",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-00429",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-66144",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-6142",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-6142",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-00429",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-325",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66144",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application and cause denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of French Schneider Electric (Schneider Electric). ClearSCADA is an open software platform specially designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform in StruxureWare SCADAExpert (industrial automation and control system integration software)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6142",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-014-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "64813",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "4AD3B3E4-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "id": "VAR-201401-0246",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      }
    ],
    "trust": 1.7611111166666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:31:21.497000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA - SCADA software for telemetry and remote SCADA applications",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
      },
      {
        "title": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/42539"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-014-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6142"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6142"
      },
      {
        "trust": 0.3,
        "url": "www.controlmicrosystems.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "db": "BID",
        "id": "64813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-17T00:00:00",
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-01-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "date": "2014-01-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "date": "2014-01-14T00:00:00",
        "db": "BID",
        "id": "64813"
      },
      {
        "date": "2014-01-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "date": "2014-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      },
      {
        "date": "2014-01-15T16:11:08.363000",
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66144"
      },
      {
        "date": "2015-03-19T08:34:00",
        "db": "BID",
        "id": "64813"
      },
      {
        "date": "2014-01-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005850"
      },
      {
        "date": "2014-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      },
      {
        "date": "2024-11-21T01:58:44.847000",
        "db": "NVD",
        "id": "CVE-2013-6142"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00429"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "4ad3b3e4-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-325"
      }
    ],
    "trust": 0.8
  }
}

var-201403-0444
Vulnerability from variot

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security flaws in its parsing of project files. Exploitation requires that the "PLC Driver" be installed. Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. Note that the sources aggregated here differ on impact: the first sentence describes only a denial of service, the later sentences describe arbitrary code execution, and the CVSS v2 vector attributed to nvd@nist.gov in the record below (AV:N/AC:M/Au:N/C:P/I:P/A:P, base score 6.8) rates confidentiality, integrity and availability impact as partial, so triage should not assume a crash-only issue.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0444",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2 (build 71.4165)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r2.1 (build 71.4325)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "clearscada",
        "scope": null,
        "trust": 0.7,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2013"
      },
      {
        "model": "electric clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2013"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew Brooks",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "BID",
        "id": "65476"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2014-0779",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0779",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 2.5,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-01024",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-68272",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0779",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0779",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-0779",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-01024",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201403-250",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68272",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files.  The issue lies in a failure to validate a length specifier before using it as an index into an array.  An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \\\"PLC Driver\\\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0779",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-072-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "65476",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1876",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "285FDC02-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "id": "VAR-201403-0444",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:55:26.874000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD 2014-024-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
      },
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
      },
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0779"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0779"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/65476"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "db": "BID",
        "id": "65476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-18T00:00:00",
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "date": "2014-02-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "date": "2014-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "date": "2014-01-24T00:00:00",
        "db": "BID",
        "id": "65476"
      },
      {
        "date": "2014-03-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      },
      {
        "date": "2014-03-14T10:55:05.803000",
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-03T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-059"
      },
      {
        "date": "2014-02-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01024"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68272"
      },
      {
        "date": "2015-03-19T09:33:00",
        "db": "BID",
        "id": "65476"
      },
      {
        "date": "2014-03-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      },
      {
        "date": "2024-11-21T02:02:47.440000",
        "db": "NVD",
        "id": "CVE-2014-0779"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denial-of-service (DoS) vulnerability in the PLC driver in ServerMain.exe of the Kepware KepServerEX 4 component of Schneider Electric StruxureWare SCADA Expert ClearSCADA",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001653"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-250"
      }
    ],
    "trust": 0.8
  }
}

var-201805-0210
Vulnerability from variot

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA contains an input validation vulnerability. The product may be put into a service operation interruption (DoS) state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. It is also an important part of telemetry and remote SCADA system solutions, used to manage critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and earlier.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0210",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2015"
      },
      {
        "model": "clearscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1 (build 75.5210)"
      },
      {
        "model": "clearscada",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1.1 (build 75.5387)"
      },
      {
        "model": "clearscada",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2015 r1 (build 76.5648)"
      },
      {
        "model": "clearscada",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2015 r2 (build 77.5882)"
      },
      {
        "model": "electric clearscada",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2014"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2015"
      },
      {
        "model": "clearscada r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "201072.4560"
      },
      {
        "model": "clearscada r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "201071.4325"
      },
      {
        "model": "clearscada r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "201071.4165"
      },
      {
        "model": "clearscada r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2 (build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "201577.58"
      },
      {
        "model": "clearscada r1 (build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "201576.56"
      },
      {
        "model": "clearscada r1.1 (build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "201475."
      },
      {
        "model": "clearscada r1 (build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "201475.52"
      },
      {
        "model": "clearscada r1.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r1.1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r1.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r2 hotfix build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2015"
      },
      {
        "model": "clearscada r1.1 sp (build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2015"
      },
      {
        "model": "clearscada r1.1 hotfix bui",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2014"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "BID",
        "id": "96768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sergey Temnikov and Vladimir Dashchenko of Kaspersky Lab's Critical Infrastructure Defense Team",
    "sources": [
      {
        "db": "BID",
        "id": "96768"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6021",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6021",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-03833",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "02487795-6c68-4ccc-a502-44cc37dedf09",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114224",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6021",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6021",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6021",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-03833",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-591",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "02487795-6c68-4ccc-a502-44cc37dedf09",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114224",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114224"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA contains an input validation vulnerability. The product may be put into a service operation interruption (DoS) state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. It is also an important part of telemetry and remote SCADA system solutions, used to manage critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and earlier.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "BID",
        "id": "96768"
      },
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114224"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6021",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-068-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "96768",
        "trust": 2.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "36057",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "02487795-6C68-4CCC-A502-44CC37DEDF09",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114224",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114224"
      },
      {
        "db": "BID",
        "id": "96768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "id": "VAR-201805-0210",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114224"
      }
    ],
    "trust": 1.754166675
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:17:30.990000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2017-060-01",
        "trust": 0.8,
        "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2017-060-01+SCADA+expert+ClearSCADA.pdf\u0026p_Doc_Ref=SEVD-2017-060-01"
      },
      {
        "title": "Schneider Electric ClearSCADA Denial of Service Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/91450"
      },
      {
        "title": "Schneider Electric ClearSCADA Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99646"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114224"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-068-01"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/96768"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6021"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6021"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/36057"
      },
      {
        "trust": 0.3,
        "url": "www.controlmicrosystems.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114224"
      },
      {
        "db": "BID",
        "id": "96768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114224"
      },
      {
        "db": "BID",
        "id": "96768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-02T00:00:00",
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "date": "2017-04-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "date": "2018-05-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114224"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "BID",
        "id": "96768"
      },
      {
        "date": "2018-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      },
      {
        "date": "2018-05-14T14:29:00.193000",
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114224"
      },
      {
        "date": "2017-03-16T00:02:00",
        "db": "BID",
        "id": "96768"
      },
      {
        "date": "2018-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013462"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      },
      {
        "date": "2024-11-21T03:28:55.197000",
        "db": "NVD",
        "id": "CVE-2017-6021"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA Denial of service vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03833"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "02487795-6c68-4ccc-a502-44cc37dedf09"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-591"
      }
    ],
    "trust": 0.8
  }
}

var-201108-0129
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The ClearSCADA application also has a use-after-free error (machine-translated in the source as a "post-release usage error"): sending a long string can trigger a heap-based buffer overflow, and successful exploitation can result in arbitrary code execution in the context of the application. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. ClearSCADA has a cross-site scripting vulnerability: some unspecified input is not filtered before it is returned to users. Attackers can exploit this for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Note that this entry appears to merge text from several sources describing two distinct issues, the XSS flaw and a memory-corruption flaw; the CVE identifier and CVSS vector recorded for this entry describe the XSS issue only.



TITLE: ClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID: SA44955

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44955

RELEASE DATE: 2011-06-16

DISCUSS ADVISORY: http://secunia.com/advisories/44955/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/44955/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=44955

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Two vulnerabilities have been reported in ClearSCADA, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

The vulnerabilities are reported in the following products: * ClearSCADA 2005 (all versions) * ClearSCADA 2007 (all versions) * ClearSCADA 2009 (all versions except R2.3 and R1.4)

SOLUTION: Update to a fixed version. Please see the CERT advisory for more information.

PROVIDED AND/OR DISCOVERED BY: US-CERT credits Digital Bond.

ORIGINAL ADVISORY: Digital Bond: http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/ http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/

US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.


Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201108-0129",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "clearscada",
        "version": "2005/2007/2009"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2005"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2009"
      },
      {
        "model": "scx 68",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "r3.9"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2007"
      },
      {
        "model": "scx 67",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "r4.5"
      },
      {
        "model": "clearscada 2005",
        "scope": null,
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": null
      },
      {
        "model": "clearscada 2007",
        "scope": null,
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": null
      },
      {
        "model": "clearscada 2009",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": "r1.4"
      },
      {
        "model": "clearscada 2009",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": "r2.3"
      },
      {
        "model": "scx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "serck control",
        "version": "67 r4.5"
      },
      {
        "model": "scx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "serck control",
        "version": "68 r3.9"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "2.1"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "2.0"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "1.3"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "1.0"
      },
      {
        "model": "clearscada 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "1.2"
      },
      {
        "model": "clearscada 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "1.4"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "1.1"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "2.2"
      },
      {
        "model": "clearscada 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "1.3"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "controlmicrosystems",
        "version": "1.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2005/2007/2009"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20091.2.2"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20092.2"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20092.1"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20092.0"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20091.3"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20091.1"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20091.0"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20071.2.2"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20071.4"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20071.3"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20071.1"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20071.0"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20070.2"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20070.1"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20070"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20051.0"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "controlmicrosystems",
        "version": "20050"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "BID",
        "id": "73823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:controlmicrosystems:clearscada_2005",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:controlmicrosystems:clearscada_2007",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:controlmicrosystems:clearscada_2009",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:serck-controls:scx",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "73823"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3144",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-3144",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "27070a74-1f92-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-51089",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3144",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3144",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201108-287",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "27070a74-1f92-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51089",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The ClearSCADA application has a post-release usage error, sending a long string can trigger a heap-based buffer overflow, and successfully exploiting the vulnerability can execute arbitrary code in the application context. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA has a cross-site scripting vulnerability. Some unspecified input lacks filtering before returning users. Attackers can exploit vulnerabilities for cross-site scripting attacks to obtain sensitive information or hijack user sessions. ClearSCADA The application has a use error after release. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. 
\nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44955\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44955/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44955/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44955/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in ClearSCADA, which can be\nexploited by malicious people to conduct cross-site scripting attacks\nand compromise a vulnerable system. \n\nThe vulnerabilities are reported the following products:\n* ClearSCADA 2005 (all versions)\n* ClearSCADA 2007 (all versions)\n* ClearSCADA 2009 (all versions except R2.3 and R1.4)\n\nSOLUTION:\nUpdate to a fixed version. Please see the CERT advisory for more\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Digital Bond. 
\n\nORIGINAL ADVISORY:\nDigital Bond:\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/\n\nUS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "BID",
        "id": "73823"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "44955",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-10-314-01A",
        "trust": 2.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-10-314-01",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3144",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "72987",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "73823",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "27070A74-1F92-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "28D182C6-1F92-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-51089",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102344",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "db": "BID",
        "id": "73823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "id": "VAR-201108-0129",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51089"
      }
    ],
    "trust": 2.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:35:35.386000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.clearscada.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.serck-controls.com/"
      },
      {
        "title": "Patch for ClearSCADA Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/4144"
      },
      {
        "title": "Patch for ClearSCADA Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/4145"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01a.pdf"
      },
      {
        "trust": 2.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01.pdf"
      },
      {
        "trust": 2.1,
        "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/72987"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44955"
      },
      {
        "trust": 1.3,
        "url": "http://secunia.com/advisories/44955/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3144"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3144"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44955/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://conference.first.org/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "db": "BID",
        "id": "73823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "db": "BID",
        "id": "73823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-06-17T00:00:00",
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "date": "2011-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "date": "2011-08-16T00:00:00",
        "db": "BID",
        "id": "73823"
      },
      {
        "date": "2011-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "date": "2011-06-16T10:28:00",
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "date": "2011-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      },
      {
        "date": "2011-08-16T21:55:01.427000",
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51089"
      },
      {
        "date": "2011-08-16T00:00:00",
        "db": "BID",
        "id": "73823"
      },
      {
        "date": "2011-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003496"
      },
      {
        "date": "2011-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      },
      {
        "date": "2024-11-21T01:29:50.153000",
        "db": "NVD",
        "id": "CVE-2011-3144"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ClearSCADA Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-287"
      }
    ],
    "trust": 0.7
  }
}

var-201409-0723
Vulnerability from variot

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that an attacker can exploit to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure. The CVSS v2 vectors in the record below (AV:N/AC:L/Au:N/C:P/I:N/A:N) rate the impact as partial loss of confidentiality only, with no integrity or availability impact, which matches the guest-account read of database records.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0723",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2.1 (build 74.5192)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1 (build 75.5210)"
      },
      {
        "model": "electric clearscada",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2014"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CERT",
    "sources": [
      {
        "db": "BID",
        "id": "69840"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5412",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-5412",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-06087",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-73353",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-5412",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-5412",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06087",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-657",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73353",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5412",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "69840",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01A",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "DCF002D8-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "id": "VAR-201409-0723",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:55:16.184000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5412"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5412"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/69840"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01a"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "db": "BID",
        "id": "69840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-19T00:00:00",
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "date": "2014-09-16T00:00:00",
        "db": "BID",
        "id": "69840"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      },
      {
        "date": "2014-09-18T10:55:11.687000",
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73353"
      },
      {
        "date": "2015-03-19T08:46:00",
        "db": "BID",
        "id": "69840"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004283"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      },
      {
        "date": "2024-11-21T02:12:00.050000",
        "db": "NVD",
        "id": "CVE-2014-5412"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA Remote Security Bypass Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06087"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-657"
      }
    ],
    "trust": 0.6
  }
}

var-201409-0722
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA web interface: an attacker can construct a malicious URI and induce a user to open it, which allows the attacker to perform system management operations. SCADA Expert ClearSCADA is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a monitoring platform for energy-efficiency management software from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0722",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": "eq",
        "trust": 2.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2.1 (build 74.5192)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1 (build 75.5210)"
      },
      {
        "model": "electric clearscada r3 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201072.4560)"
      },
      {
        "model": "electric clearscada r3.1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201072.4644)"
      },
      {
        "model": "electric scada expert clearscada r1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4729)"
      },
      {
        "model": "electric scada expert clearscada r1.1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4832)"
      },
      {
        "model": "electric scada expert clearscada r1.1a (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4903)"
      },
      {
        "model": "electric scada expert clearscada r1.2 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201373.4955)"
      },
      {
        "model": "electric scada expert clearscada r2 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201374.5094)"
      },
      {
        "model": "electric scada expert clearscada r2.1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201374.5192)"
      },
      {
        "model": "electric scada expert clearscada r1 (build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "201475.5210)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scada expert clearscada",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scada expert clearscada",
        "version": "2014"
      },
      {
        "model": "scada expert clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "scada expert clearscada r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "scada expert clearscada r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": "clearscada r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": "clearscada r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2010"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "80073"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5411",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2014-5411",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2014-06196",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-73352",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-5411",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-5411",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06196",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-656",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73352",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5411",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01",
        "trust": 3.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "111238",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "80073",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "770608EC-1EB9-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "DCDEEBB0-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "id": "VAR-201409-0722",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      }
    ],
    "trust": 2.0027777833333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:55:16.140000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
      },
      {
        "title": "Patch for Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/50244"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5411"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5411"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.com/show/osvdb/111238"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "db": "BID",
        "id": "80073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-23T00:00:00",
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-23T00:00:00",
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "BID",
        "id": "80073"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      },
      {
        "date": "2014-09-18T10:55:11.640000",
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73352"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "BID",
        "id": "80073"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004282"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      },
      {
        "date": "2024-11-21T02:11:59.940000",
        "db": "NVD",
        "id": "CVE-2014-5411"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06196"
      }
    ],
    "trust": 1.0
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-656"
      }
    ],
    "trust": 0.6
  }
}

var-201709-1079
Vulnerability from variot

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA contains a buffer error vulnerability. The affected application may be put into a service operation interruption (DoS) state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to submit a special request to cause a denial of service. It is also an important part of telemetry and remote SCADA system solutions, used to manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements (the record below lists vendor advisory SEVD-2017-264-01).



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-1079",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric clearscada \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2017"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2017"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      }
    ]
  },
  "cve": "CVE-2017-9962",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-9962",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-35027",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-118165",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-9962",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-9962",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-9962",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-35027",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1086",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118165",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118165"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118165"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9962",
        "trust": 3.5
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2017-264-01",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "37698",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "E2DE969E-39AB-11E9-A4AE-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7AD47499-BDFC-4EBC-ABE2-88ED69C51BAE",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-118165",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118165"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "id": "VAR-201709-1079",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118165"
      }
    ],
    "trust": 2.1
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:42:03.627000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2017-264-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-264-01"
      },
      {
        "title": "Schneider Electric ClearSCADA Memory Allocation Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/106694"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118165"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.schneider-electric.com/en/download/document/sevd-2017-264-01/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9962"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9962"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37698"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118165"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118165"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-23T00:00:00",
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "date": "2017-11-23T00:00:00",
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "date": "2017-11-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "date": "2017-09-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118165"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      },
      {
        "date": "2017-09-26T01:29:04.037000",
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118165"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008557"
      },
      {
        "date": "2017-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      },
      {
        "date": "2024-11-21T03:37:15.633000",
        "db": "NVD",
        "id": "CVE-2017-9962"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ClearSCADA Memory allocation vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35027"
      }
    ],
    "trust": 1.0
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1086"
      }
    ],
    "trust": 1.0
  }
}

var-201409-0724
Vulnerability from variot

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm (MD5 is no longer considered collision-resistant). ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has an unspecified remote vulnerability that allows an attacker to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure. A cryptographic-issue vulnerability exists in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0724",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clearscada",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2013"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3 (build 72.4560)"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2010 r3.1 (build 72.4644)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1 (build 73.4729)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1 (build 73.4832)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.1a (build 73.4903)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r1.2 (build 73.4955)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2 (build 74.5094)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2013 r2.1 (build 74.5192)"
      },
      {
        "model": "scada expert clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r1 (build 75.5210)"
      },
      {
        "model": "electric clearscada r3-2014 r1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2010"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2010"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada expert clearscada",
        "version": "2014"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "69842"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5413",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-5413",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-5413",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-06121",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-73354",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-5413",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-5413",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06121",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-658",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73354",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has an unspecified remote vulnerability that allows an attacker to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is an energy-efficiency management and monitoring software platform from the French company Schneider Electric. The platform is primarily used for remote management of critical infrastructure. A cryptographic-issue vulnerability exists in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "BID",
        "id": "69842"
      },
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5413",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-259-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "69842",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "DCFE0734-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "BID",
        "id": "69842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "id": "VAR-201409-0724",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:55:16.222000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "StruxureWare SCADA Expert ClearSCADA",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
      },
      {
        "title": "Schneider Electric ClearSCADA has patches for remote unknown vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/50145"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/69842/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "db": "BID",
        "id": "69842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-22T00:00:00",
        "db": "IVD",
        "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "date": "2014-09-16T00:00:00",
        "db": "BID",
        "id": "69842"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      },
      {
        "date": "2014-09-18T10:55:11.733000",
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06121"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73354"
      },
      {
        "date": "2014-10-08T07:00:00",
        "db": "BID",
        "id": "69842"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      },
      {
        "date": "2024-11-21T02:12:00.163000",
        "db": "NVD",
        "id": "CVE-2014-5413"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004284"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-658"
      }
    ],
    "trust": 0.6
  }
}

var-201108-0128
Vulnerability from variot

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. Control Microsystems is Schneider Electric, a global provider of SCADA hardware and software products. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. There are several security vulnerabilities in ClearSCADA: 1. The ClearSCADA application has a heap-based buffer overflow of the use-after-free type. Sending a well-formed message containing a very long string can trigger heap corruption. 2. ClearSCADA provides a web interface that supports HTTP and HTTPS. By default, the ClearSCADA server uses HTTP, so anyone able to observe the network traffic can obtain authentication information in plaintext. 3. The web interface has a reflected cross-site scripting vulnerability. With this vulnerability, an attacker can directly inject malicious code into a user's browser session. A parameter returned to the user is not filtered. Attackers can exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Control Microsystems ClearSCADA is prone to multiple remote vulnerabilities, including: 1. An information-disclosure vulnerability. An attacker can exploit these issues to execute arbitrary code with elevated privileges, execute arbitrary script code within the context of the webserver, steal cookie-based authentication credentials, and gain access to sensitive information. Other attacks are also possible. The following products are affected: ClearSCADA 2005, ClearSCADA 2007, ClearSCADA 2009. The ClearSCADA application has a use-after-free error. 
----------------------------------------------------------------------

TITLE: ClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID: SA44955

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44955

RELEASE DATE: 2011-06-16

DESCRIPTION: Two vulnerabilities have been reported in ClearSCADA, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

The vulnerabilities are reported the following products: * ClearSCADA 2005 (all versions) * ClearSCADA 2007 (all versions) * ClearSCADA 2009 (all versions except R2.3 and R1.4)

SOLUTION: Update to a fixed version. Please see the CERT advisory for more information.

PROVIDED AND/OR DISCOVERED BY: US-CERT credits Digital Bond.

ORIGINAL ADVISORY: Digital Bond: http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/ http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/

US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201108-0128",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "clearscada",
        "version": "2005/2007/2009"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2005"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2009"
      },
      {
        "model": "scx 68",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "r3.9"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "aveva",
        "version": "2007"
      },
      {
        "model": "scx 67",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "r4.5"
      },
      {
        "model": "clearscada 2005",
        "scope": null,
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": null
      },
      {
        "model": "clearscada 2007",
        "scope": null,
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": null
      },
      {
        "model": "clearscada 2009",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": "r1.4"
      },
      {
        "model": "clearscada 2009",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "control microsystems",
        "version": "r2.3"
      },
      {
        "model": "scx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "serck control",
        "version": "67 r4.5"
      },
      {
        "model": "scx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "serck control",
        "version": "68 r3.9"
      },
      {
        "model": "microsystems clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "control",
        "version": "2009"
      },
      {
        "model": "microsystems clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "control",
        "version": "2007"
      },
      {
        "model": "microsystems clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "control",
        "version": "2005"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r2.2"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r1.2"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r1.1"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r1.0"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r2.1"
      },
      {
        "model": "clearscada 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r1.4"
      },
      {
        "model": "scx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serck controls",
        "version": "68"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r1.3"
      },
      {
        "model": "scx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serck controls",
        "version": "67"
      },
      {
        "model": "clearscada 2009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "r2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2005"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2007"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2009"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scx 67",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scx 68",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "clearscada",
        "version": "2005/2007/2009"
      },
      {
        "model": "microsystems clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "control",
        "version": "20090"
      },
      {
        "model": "microsystems clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "control",
        "version": "20070"
      },
      {
        "model": "microsystems clearscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "control",
        "version": "20050"
      },
      {
        "model": "microsystems clearscada r1.4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "control",
        "version": "2010"
      },
      {
        "model": "microsystems clearscada",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "control",
        "version": "20092.3"
      },
      {
        "model": "microsystems clearscada",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "control",
        "version": "20091"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "BID",
        "id": "46312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:controlmicrosystems:clearscada_2005",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:controlmicrosystems:clearscada_2007",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:controlmicrosystems:clearscada_2009",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:serck-controls:scx",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Digital Bond",
    "sources": [
      {
        "db": "BID",
        "id": "46312"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3143",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3143",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "27070a74-1f92-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-51088",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3143",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3143",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201108-286",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "27070a74-1f92-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "28d182c6-1f92-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51088",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. Control Microsystems is Schneider Electric, a global provider of SCADA hardware and software products. ClearSCADA is an integrated SCADA host platform that includes a polling engine, real-time database, web server, alarm processor and reporting software. There are several security vulnerabilities in ClearSCADA: 1. The ClearSCADA application has a heap-based buffer overflow of the use-after-free type. Sending a valid message containing a very long string can trigger heap corruption. 2. ClearSCADA provides a web interface that supports HTTP and HTTPS. By default, the ClearSCADA server uses HTTP, which allows anyone to obtain plaintext authentication information by sniffing. 3. The web interface has a reflected cross-site scripting vulnerability. With this vulnerability, an attacker can directly inject malicious code into a user\u0027s browser session. Parameters returned to the user are not filtered. Attackers can exploit vulnerabilities for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Control Microsystems ClearSCADA is prone to multiple remote vulnerabilities, including:\n1. An information-disclosure vulnerability\nAn attacker can exploit these issues to execute arbitrary code with elevated privileges, execute arbitrary script code within the context of the webserver, steal cookie-based authentication credentials, and gain access to sensitive information. Other attacks are also possible. \nThe following products are affected:\nClearSCADA 2005\nClearSCADA 2007\nClearSCADA 2009. The ClearSCADA application has a use-after-free error. 
----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nClearSCADA Cross-Site Scripting and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44955\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44955/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44955/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44955/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in ClearSCADA, which can be\nexploited by malicious people to conduct cross-site scripting attacks\nand compromise a vulnerable system. \n\nThe vulnerabilities are reported the following products:\n* ClearSCADA 2005 (all versions)\n* ClearSCADA 2007 (all versions)\n* ClearSCADA 2009 (all versions except R2.3 and R1.4)\n\nSOLUTION:\nUpdate to a fixed version. 
Please see the CERT advisory for more\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Digital Bond. \n\nORIGINAL ADVISORY:\nDigital Bond:\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/\nhttp://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/\n\nUS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "BID",
        "id": "46312"
      },
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      }
    ],
    "trust": 4.41
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-51088",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3143",
        "trust": 3.2
      },
      {
        "db": "SECUNIA",
        "id": "44955",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-10-314-01A",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-10-314-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "46312",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "72989",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "DDB570C8-1F9F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "27070A74-1F92-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "28D182C6-1F92-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D7D7A14-463F-11E9-9E9F-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-51088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102344",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "db": "BID",
        "id": "46312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "id": "VAR-201108-0128",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      }
    ],
    "trust": 3.6285714350000005
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 2.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:35:35.319000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.clearscada.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.serck-controls.com/"
      },
      {
        "title": "Patch for ClearSCADA Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/4144"
      },
      {
        "title": "Control Microsystems ClearSCADA has multiple patches for security vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/2852"
      },
      {
        "title": "Patch for ClearSCADA Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/4145"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01a.pdf"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-314-01.pdf"
      },
      {
        "trust": 1.8,
        "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/72989"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44955"
      },
      {
        "trust": 1.3,
        "url": "http://secunia.com/advisories/44955/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/46312"
      },
      {
        "trust": 0.9,
        "url": "http://www.vupen.com/english/reference-2011-0356-1.php"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3143"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3143"
      },
      {
        "trust": 0.3,
        "url": "http://www.clearscada.com/index.cfm"
      },
      {
        "trust": 0.3,
        "url": "http://www.clearscada.com/services-support/software-updates/"
      },
      {
        "trust": 0.1,
        "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44955/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://conference.first.org/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44955"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "db": "BID",
        "id": "46312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "db": "BID",
        "id": "46312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-11T00:00:00",
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "IVD",
        "id": "28d182c6-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-02-11T00:00:00",
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "date": "2011-02-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "date": "2011-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "date": "2011-02-10T00:00:00",
        "db": "BID",
        "id": "46312"
      },
      {
        "date": "2011-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "date": "2011-06-16T10:28:00",
        "db": "PACKETSTORM",
        "id": "102344"
      },
      {
        "date": "2011-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      },
      {
        "date": "2011-08-16T21:55:01.350000",
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      },
      {
        "date": "2011-02-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-0506"
      },
      {
        "date": "2011-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-2308"
      },
      {
        "date": "2018-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51088"
      },
      {
        "date": "2015-07-15T00:13:00",
        "db": "BID",
        "id": "46312"
      },
      {
        "date": "2011-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003495"
      },
      {
        "date": "2011-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      },
      {
        "date": "2024-11-21T01:29:49.987000",
        "db": "NVD",
        "id": "CVE-2011-3143"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ClearSCADA Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "27070a74-1f92-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-2309"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "ddb570c8-1f9f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7d7a14-463f-11e9-9e9f-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-286"
      }
    ],
    "trust": 1.0
  }
}

Vulnerability from fkie_nvd
Published
2011-08-16 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB367177-4A97-43C3-BD7E-1D051CC0EF6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "8396238B-F58F-4B45-8831-F489134B43D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EB578D-750D-46F0-BC7D-2CAB4FFB6BA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BA38FC-5782-469D-BF9C-2D6D34E81AFC",
              "versionEndExcluding": "r4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C5848D-CDFF-4799-8271-7CDB9C712B8F",
              "versionEndExcluding": "r3.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Control Microsystems ClearSCADA 2005, 2007 y 2009 en versiones anteriores a la R2.3 y R1.4, como se utiliza en SCX anteriores a 67 R4.5 y 68 R3.9, permite a usuarios remotos inyectar c\u00f3digo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2011-3144",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-08-16T21:55:01.427",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44955"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/72987"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/72987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-14 14:29
Modified
2024-11-21 03:28
Summary
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B",
              "versionEndIncluding": "2010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2014:r1:*:*:*:*:*:*",
              "matchCriteriaId": "441BA0DB-0BF8-4CDC-9715-9E5227954061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2014:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "CB2497FA-9965-4C1A-B9F8-34FC76F0A552",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B",
              "versionEndIncluding": "2010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2015:r1:*:*:*:*:*:*",
              "matchCriteriaId": "AFE9EABB-597E-4198-9C2D-3886A969483D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2015:r2:*:*:*:*:*:*",
              "matchCriteriaId": "23FD329C-7118-44C1-8BE2-EED715564C2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
    },
    {
      "lang": "es",
      "value": "En Schneider Electric ClearSCADA 2014 R1 (build 75.5210) y anteriores, 2014 R1.1 (build 75.5387) y anteriores, 2015 R1 (build 76.5648) y anteriores y 2015 R2 (build 77.5882) y anteriores, un atacante con acceso de red al servidor ClearSCADA puede enviar secuencias de comandos especialmente manipuladas y paquetes de datos al servidor ClearSCADA que pueden provocar que el proceso del servidor ClearSCADA y los procesos del controlador de comunicaciones ClearSCADA finalicen. Se ha calculado una puntuaci\u00f3n base de CVSS v3 de 7.5; la cadena de vector CVSS es (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
    }
  ],
  "id": "CVE-2017-6021",
  "lastModified": "2024-11-21T03:28:55.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-14T14:29:00.193",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96768"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-09-26 01:29
Modified
2025-04-20 01:37
Summary
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.
Impacted products
Vendor Product Version
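aveva clearscada *
Note: the CPE entry in the record below stops at version 2010 (versionEndIncluding), while the summary covers every ClearSCADA version released prior to August 2017. Asset matching on the CPE alone will miss later affected releases; compare installed versions against the vendor advisory SEVD-2017-264-01 referenced below.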



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B",
              "versionEndIncluding": "2010",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon."
    },
    {
      "lang": "es",
      "value": "Las versiones anteriores a agosto 2017 de ClearSCADA de Schneider Electric son susceptibles a una vulnerabilidad de asignaci\u00f3n de memoria en la que se podr\u00edan enviar peticiones mal formadas a las aplicaciones cliente de ClearSCADA para provocar un comportamiento inesperado. Las aplicaciones cliente afectadas son ViewX y el icono de servidor."
    }
  ],
  "id": "CVE-2017-9962",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-26T01:29:04.037",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-18 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
References



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
              "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
              "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
              "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
              "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
              "matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."
    },
    {
      "lang": "es",
      "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 hasta 2014 R1 utiliza el algoritmo MD5 para certificados X.509, lo cual facilita a atacantes remotos falsificar servidores a trav\u00e9s de ataques criptogr\u00e1ficos contra este algoritmo"
    }
  ],
  "id": "CVE-2014-5413",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-18T10:55:11.733",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-18 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
              "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
              "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
              "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
              "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
              "matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 hasta 2014 R1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-5411",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-09-18T10:55:11.640",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-18 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
References



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
              "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
              "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
              "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
              "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*",
              "matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
    },
    {
      "lang": "es",
      "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA versiones desde 2010 R3 hasta 2014 R1 permite a atacantes remotos leer registros de la base de datos a trav\u00e9s del acceso con la cuenta de invitado."
    }
  ],
  "id": "CVE-2014-5412",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-18T10:55:11.687",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-03-14 10:55
Modified
2025-09-24 22:15
Severity ?
Summary
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0A01B1BA-9515-40F7-A3CF-83D387868470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "EAC05F7C-4F5B-4045-ACFD-1239AEAED3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
              "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
              "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
              "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*",
              "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."
    },
    {
      "lang": "es",
      "value": "El controlador PLC en ServerMain.exe en el componente Kepware KepServerEX 4 en Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955 y 2013 R2 build 74.5094 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo OPF manipulado (tambi\u00e9n conocido como archivo de proyecto)."
    }
  ],
  "id": "CVE-2014-0779",
  "lastModified": "2025-09-24T22:15:35.147",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "userInteractionRequired": true
      },
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-14T10:55:05.803",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-08-16 21:55
Modified
2025-04-11 00:51
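Severity
HIGH (CVSS v2 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, no user interaction required, as scored in the record below).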
Summary
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB367177-4A97-43C3-BD7E-1D051CC0EF6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "8396238B-F58F-4B45-8831-F489134B43D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EB578D-750D-46F0-BC7D-2CAB4FFB6BA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BA38FC-5782-469D-BF9C-2D6D34E81AFC",
              "versionEndExcluding": "r4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C5848D-CDFF-4799-8271-7CDB9C712B8F",
              "versionEndExcluding": "r3.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de tipo \"usar-despu\u00e9s-de-liberar\" en Control Microsystems ClearSCADA 2005, 2007 y 2009 anteriores a R2.3 y R1.4, tal como se usa en SCX anteriores a 67 R4.5 y 68 R3.9, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de cadenas de texto extensas que provocan una corrupci\u00f3n de memoria din\u00e1mica (\"heap\")."
    }
  ],
  "id": "CVE-2011-3143",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-08-16T21:55:01.350",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44955"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/72989"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/46312"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/72989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/46312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-15 16:11
Modified
2025-04-11 00:51
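Severity
MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P, availability impact only, as scored in the record below).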
Summary
DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages.
Impacted products
Vendor Product Version
aveva clearscada 2010 r2
aveva clearscada 2010 r2.1
aveva clearscada 2010 r3
aveva clearscada 2010 r3.1
aveva clearscada 2013 r1
aveva clearscada 2013 r1.1
aveva clearscada 2013 r1.1a
aveva clearscada 2013 r1.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0A01B1BA-9515-40F7-A3CF-83D387868470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "EAC05F7C-4F5B-4045-ACFD-1239AEAED3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*",
              "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*",
              "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*",
              "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
    },
    {
      "lang": "es",
      "value": "DNP3Driver.exe en el controlador DNP3 en Schneider Electric ClearSCADA 2010 R2 hasta 2010 R3.1 y SCADA Expert ClearSCADA 2013 R1 a 2013 R1.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de paquetes IP que contienen errores que desencadenan mensajes event-journal."
    }
  ],
  "id": "CVE-2013-6142",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-15T16:11:08.363",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}