133 matches found
ClearSCADA-Remote-Authentication-Bypass
When an exception in occurs, ClearSCADA enters "Safe Mode". This exposes it's diagnostic functions to remote users without requiring a valid login as it would normally. A remote attacker could view senstive information and possibly modify functions of the server running on the affected host...
ClearSCADA 'dbserver.exe' Remote Authentication Bypass Vulnerability
ClearSCADA is the integrated SCADA host platform. A remote authentication bypass vulnerability exists in ClearSCADA 'dbserver.exe', which allows an attacker to bypass authentication mechanisms and obtain sensitive information...
ClearSCADA Remote Authentication Bypass
!/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010 released Jan 2015 There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the...
ClearSCADA - Remote Authentication Bypass Exploit
There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it. !/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010...
StruxureWare SCADA Expert ClearSCADA Weak Hashing Algorithm
Binary data scadaclearscadaweakhashingalgorithm.nbin...
ClearSCADA - Remote Authentication Bypass
ClearSCADA - Remote Authentication Bypass !/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010 released Jan 2015 There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in...
ClearSCADA - Remote Authentication Bypass
!/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010 released Jan 2015 There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the...
StruxureWare SCADA Expert ClearSCADA Remote Security Bypass
Binary data scadaclearscadaremotesecuritybypass.nbin...
Schneider Electric StruxureWare SCADA Expert ClearSCADA Parsing Vulnerability
OVERVIEW Andrew Brooks identified and reported to The Zero Day Initiative ZDI a File Parsing Vulnerability: Schneider Electric StruxureWare SCADA Expert ClearSCADA ServerMain.exe OPF File Parsing Vulnerability. Schneider Electric has prepared workarounds and helped develop security upgrades for a...
Schneider Electric SCADA Expert ClearSCADA Denial of Service (CVE-2014-5411)
A denial of service vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This can result in a...
Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an uncontrolled resource consumption vulnerability in the Schneider Electric SCADA Expert ClearSCADA software. Schneider Electric has produced a new version that mitigates this vulnerability. Adam Crain has...
Schneider Electric SCADA Expert ClearSCADA < 2014 R1.1 and Schneider Electric ClearSCADA < 2010 R3.2 Multiple Vulnerabilities
Binary data 8391.prm...
Schneider Electric SCADA Expert ClearSCADA Authentication Bypass (CVE-2014-5412)
An information disclosure vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. This vulnerability is due to insufficient restrictions of the preconfigured guest account. A remote attacker can exploit this vulnerability to disclose sensitive system information...
CVE-2014-5411
Multiple cross-site scripting XSS vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-5413
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...
CVE-2014-5412
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-5412
Schneider Electric SCADA Expert ClearSCADA/ ClearSCADA (2010 R3 through 2014 R1) contains an authentication bypass via the default guest account, enabling remote disclosure of database records. Root cause: guest user’s read access exposes sensitive data without login. Affected products/versions: ...
CVE-2014-5413
CVE-2014-5413 affects Schneider Electric StruxureWare SCADA Expert ClearSCADA (2010 R3 through 2014 R1). The root issue is weak cryptographic controls: the self-signed web certificate uses MD5, enabling potential cryptographic spoofing of servers. Additionally, ICS-CERT describes a cross-site scr...
CVE-2014-5411
Schneider Electric SCADA Expert ClearSCADA (ClearSCADA 2010 R3 through 2014 R1; SCADA Expert ClearSCADA 2013/2014 R1 variants) is affected by CVE-2014-5411, a cross-site scripting (XSS) vulnerability combined with an authentication bypass and a weak MD5-based self-signed certificate issue. The IC...