CVE-2014-5412

2014-09-1810:55:11

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-5412

schneider electric

scada

security vulnerability

clearscada 2010 r3

clearscada 2014 r1

remote access

guest account

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.7%

JSON

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

Affected configurations

NVD

Node

avevaclearscadaMatch2010r3

avevaclearscadaMatch2010r3.1

avevaclearscadaMatch2013r1

avevaclearscadaMatch2013r1.1

avevaclearscadaMatch2013r1.1a

avevaclearscadaMatch2013r1.2

avevaclearscadaMatch2013r2

schneider-electricscada_expert_clearscadaMatch2013r2.1

schneider-electricscada_expert_clearscadaMatch2014r1

CPENameOperatorVersion
aveva:clearscadaaveva clearscadaeq2010
aveva:clearscadaaveva clearscadaeq2013
schneider-electric:scada_expert_clearscadaschneider-electric scada expert clearscadaeq2013
schneider-electric:scada_expert_clearscadaschneider-electric scada expert clearscadaeq2014

CPE	Name	Operator	Version
aveva:clearscada	aveva clearscada	eq	2010
aveva:clearscada	aveva clearscada	eq	2013
schneider-electric:scada_expert_clearscada	schneider-electric scada expert clearscada	eq	2013
schneider-electric:scada_expert_clearscada	schneider-electric scada expert clearscada	eq	2014