The remote web server is a version of StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA) prior to version 2010 R3.2 / 2014 R1.1, or a version of 2013 R1 to 2013 R2.1. It is, therefore, affected by an authentication bypass vulnerability due to the default guest account not being restricted.
Binary data scada_clearscada_remote_security_bypass.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | clearscada | cpe:/a:schneider-electric:clearscada | |
schneider-electric | scada_expert_clearscada | cpe:/a:schneider-electric:scada_expert_clearscada |