var-201409-0724
Vulnerability from variot
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0724",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada r3-2014 r1",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:clearscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "69842"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5413",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5413",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-5413",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06121",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-73354",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5413",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5413",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73354",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5413",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 2.5
},
{
"db": "BID",
"id": "69842",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284",
"trust": 0.8
},
{
"db": "IVD",
"id": "DCFE0734-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73354",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"id": "VAR-201409-0724",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
}
]
},
"last_update_date": "2024-11-23T21:55:16.222000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
},
{
"title": "Schneider Electric ClearSCADA has patches for remote unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50145"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-09-16T00:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"date": "2014-09-18T10:55:11.733000",
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-10-08T07:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"date": "2024-11-21T02:12:00.163000",
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…