CVE-2014-5411

2014-09-1810:55:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-5411

cross-site scripting

xss

schneider electric

struxureware

scada

clearscada

remote authentication

5.4 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

avevaclearscadaMatch2010r3

avevaclearscadaMatch2010r3.1

avevaclearscadaMatch2013r1

avevaclearscadaMatch2013r1.1

avevaclearscadaMatch2013r1.1a

avevaclearscadaMatch2013r1.2

avevaclearscadaMatch2013r2

schneider-electricscada_expert_clearscadaMatch2013r2.1

schneider-electricscada_expert_clearscadaMatch2014r1

CPENameOperatorVersion
aveva:clearscadaaveva clearscadaeq2010
aveva:clearscadaaveva clearscadaeq2013
schneider-electric:scada_expert_clearscadaschneider-electric scada expert clearscadaeq2013
schneider-electric:scada_expert_clearscadaschneider-electric scada expert clearscadaeq2014

CPE	Name	Operator	Version
aveva:clearscada	aveva clearscada	eq	2010
aveva:clearscada	aveva clearscada	eq	2013
schneider-electric:scada_expert_clearscada	schneider-electric scada expert clearscada	eq	2013
schneider-electric:scada_expert_clearscada	schneider-electric scada expert clearscada	eq	2014