Lucene search
K

133 matches found

exploitpack
exploitpack
added 2015/02/02 3:19 p.m.20 views

ClearSCADA-Remote-Authentication-Bypass

When an exception in occurs, ClearSCADA enters "Safe Mode". This exposes it's diagnostic functions to remote users without requiring a valid login as it would normally. A remote attacker could view senstive information and possibly modify functions of the server running on the affected host...

3.5AI score
Exploits0
CNVD
CNVD
added 2015/02/02 12:0 a.m.3 views

ClearSCADA 'dbserver.exe' Remote Authentication Bypass Vulnerability

ClearSCADA is the integrated SCADA host platform. A remote authentication bypass vulnerability exists in ClearSCADA 'dbserver.exe', which allows an attacker to bypass authentication mechanisms and obtain sensitive information...

7.1AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/01/29 12:0 a.m.34 views

ClearSCADA Remote Authentication Bypass

!/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010 released Jan 2015 There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the...

0.5AI score
Exploits0
0day.today
0day.today
added 2015/01/28 12:0 a.m.33 views

ClearSCADA - Remote Authentication Bypass Exploit

There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it. !/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/01/28 12:0 a.m.27 views

StruxureWare SCADA Expert ClearSCADA Weak Hashing Algorithm

Binary data scadaclearscadaweakhashingalgorithm.nbin...

6.4CVSS7.3AI score0.01028EPSS
Exploits0References3
exploitpack
exploitpack
added 2015/01/28 12:0 a.m.31 views

ClearSCADA - Remote Authentication Bypass

ClearSCADA - Remote Authentication Bypass !/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010 released Jan 2015 There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2015/01/28 12:0 a.m.46 views

ClearSCADA - Remote Authentication Bypass

!/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010 released Jan 2015 There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/01/05 12:0 a.m.14 views

StruxureWare SCADA Expert ClearSCADA Remote Security Bypass

Binary data scadaclearscadaremotesecuritybypass.nbin...

6.4CVSS7.3AI score0.01572EPSS
Exploits0References3
ICS
ICS
added 2014/12/14 7:0 a.m.38 views

Schneider Electric StruxureWare SCADA Expert ClearSCADA Parsing Vulnerability

OVERVIEW Andrew Brooks identified and reported to The Zero Day Initiative ZDI a File Parsing Vulnerability: Schneider Electric StruxureWare SCADA Expert ClearSCADA ServerMain.exe OPF File Parsing Vulnerability. Schneider Electric has prepared workarounds and helped develop security upgrades for a...

6.8CVSS6.6AI score0.01487EPSS
Exploits0References10
Check Point Advisories
Check Point Advisories
added 2014/10/19 12:0 a.m.14 views

Schneider Electric SCADA Expert ClearSCADA Denial of Service (CVE-2014-5411)

A denial of service vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This can result in a...

3.5CVSS4.1AI score0.01287EPSS
Exploits0
ICS
ICS
added 2014/10/17 6:0 a.m.31 views

Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an uncontrolled resource consumption vulnerability in the Schneider Electric SCADA Expert ClearSCADA software. Schneider Electric has produced a new version that mitigates this vulnerability. Adam Crain has...

4.3CVSS7.2AI score0.01164EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.17 views

Schneider Electric SCADA Expert ClearSCADA < 2014 R1.1 and Schneider Electric ClearSCADA < 2010 R3.2 Multiple Vulnerabilities

Binary data 8391.prm...

6.4CVSS6.9AI score0.01572EPSS
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2014/10/13 12:0 a.m.20 views

Schneider Electric SCADA Expert ClearSCADA Authentication Bypass (CVE-2014-5412)

An information disclosure vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. This vulnerability is due to insufficient restrictions of the preconfigured guest account. A remote attacker can exploit this vulnerability to disclose sensitive system information...

5CVSS5.7AI score0.01572EPSS
Exploits0
NVD
NVD
added 2014/09/18 10:55 a.m.23 views

CVE-2014-5411

Multiple cross-site scripting XSS vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

4.9CVSS5.3AI score0.01287EPSS
Exploits0References3
NVD
NVD
added 2014/09/18 10:55 a.m.19 views

CVE-2014-5413

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...

6.4CVSS6.5AI score0.01028EPSS
Exploits0References3
NVD
NVD
added 2014/09/18 10:55 a.m.20 views

CVE-2014-5412

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account...

6.4CVSS6.5AI score0.01572EPSS
Exploits0References3
Prion
Prion
added 2014/09/18 10:55 a.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.6AI score0.01287EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2014/09/18 10:0 a.m.57 views

CVE-2014-5412

Schneider Electric SCADA Expert ClearSCADA/ ClearSCADA (2010 R3 through 2014 R1) contains an authentication bypass via the default guest account, enabling remote disclosure of database records. Root cause: guest user’s read access exposes sensitive data without login. Affected products/versions: ...

6.4CVSS6.7AI score0.01572EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2014/09/18 10:0 a.m.52 views

CVE-2014-5413

CVE-2014-5413 affects Schneider Electric StruxureWare SCADA Expert ClearSCADA (2010 R3 through 2014 R1). The root issue is weak cryptographic controls: the self-signed web certificate uses MD5, enabling potential cryptographic spoofing of servers. Additionally, ICS-CERT describes a cross-site scr...

6.4CVSS6.7AI score0.01028EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2014/09/18 10:0 a.m.45 views

CVE-2014-5411

Schneider Electric SCADA Expert ClearSCADA (ClearSCADA 2010 R3 through 2014 R1; SCADA Expert ClearSCADA 2013/2014 R1 variants) is affected by CVE-2014-5411, a cross-site scripting (XSS) vulnerability combined with an authentication bypass and a weak MD5-based self-signed certificate issue. The IC...

4.9CVSS5.4AI score0.01287EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder