Lucene search
K

67 matches found

CVE
CVE
added 2022/02/09 10:5 p.m.78 views

CVE-2022-24319

CVE-2022-24319 affects ClearSCADA (all versions) and EcoStruxure Geo SCADA Expert 2019/2020 (all versions). The underlying issue is CWE-295: improper certificate validation, enabling a potential Man‑in‑the‑Middle if communications between the client and Geo SCADA web server are intercepted. The a...

5.9CVSS5.7AI score0.00575EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2022/02/09 10:5 p.m.30 views

CVE-2022-24319

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo...

6AI score0.00575EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/09 10:5 p.m.37 views

CVE-2022-24318

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...

7.7AI score0.00391EPSS
Exploits0References1
CVE
CVE
added 2022/02/09 10:5 p.m.92 views

CVE-2022-24318

CVE-2022-24318 affects ClearSCADA (All Versions) and EcoStruxure Geo SCADA Expert 2019/2020. The root cause is CWE-326: Inadequate Encryption Strength, causing non‑encrypted communication with the server when using outdated ViewX clients. The CVSS metrics updated show an attacker‑friendly network...

7.5CVSS7.5AI score0.00391EPSS
Exploits0References1Affected Software3
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.8 views

EcoStruxure Geo SCADA Expert 信任管理问题漏洞

EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable supervisory control and data acquisition SCADA software A trust management issue vulnerability exists in EcoStruxure Geo SCADA Expert that stems from a possible man-in-the-middle attack when communication between a client and t...

5.9CVSS6AI score0.00544EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.5 views

EcoStruxure Geo SCADA Expert 代码问题漏洞

EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable surveillance and data acquisition SCADA software A code issue vulnerability exists in EcoStruxure Geo SCADA Expert that stems from a denial of service to the Geo SCADA server when an improper HTTP request is received...

7.5CVSS7.5AI score0.00999EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/08/18 12:0 a.m.7 views

The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020 and EcoStruxure Geo SCADA Expert 2019 lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the protected information.

The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020 and EcoStruxure Geo SCADA Expert 2019 is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.00307EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2021/05/26 8:15 p.m.21 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

6.7CVSS0.00166EPSS
Exploits0References1
Prion
Prion
added 2021/05/26 8:15 p.m.24 views

Design/Logic Flaw

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

4.6CVSS6.6AI score0.00166EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/05/26 7:20 p.m.63 views

CVE-2021-22741

CVE-2021-22741 affects Schneider Electric ClearSCADA and EcoStruxure Geo SCADA Expert (2019 all versions; 2020 up to v83.7742.1). The issue is a Password Hash with Insufficient Computational Effort, which could allow an attacker with access to server database files to decrypt or reveal user crede...

6.7CVSS6.6AI score0.00166EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2021/05/26 7:20 p.m.32 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

6.8AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2020/12/11 1:15 a.m.8 views

CVE-2020-28219

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....

7.8CVSS7.1AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2020/12/11 1:15 a.m.32 views

CVE-2020-28219

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....

7.8CVSS7.5AI score0.00307EPSS
Exploits0References1
Prion
Prion
added 2020/12/11 1:15 a.m.24 views

Design/Logic Flaw

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....

2.1CVSS7.5AI score0.00307EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/12/11 12:51 a.m.29 views

CVE-2020-28219

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....

7.5AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/11 12:0 a.m.7 views

Schneider Electric EcoStruxure Geo SCADA Expert License Issue Vulnerability

Schneider Electric EcoStruxure Geo SCADA Expert ClearSCADA is a suite of data acquisition and monitoring software SCADA from Schneider Electric, France. EcoStruxure Geo SCADA Expert 2019 has a security vulnerability that stems from insufficient credential protection, which could result in risk...

7.8CVSS7.1AI score0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/01/06 10:56 p.m.25 views

CVE-2019-6854

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...

7.7AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/03/25 6:7 p.m.19 views

CVE-2015-1014

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3....

7.5AI score0.00456EPSS
Exploits0References1
ICS
ICS
added 2014/12/14 7:0 a.m.39 views

Schneider Electric StruxureWare SCADA Expert ClearSCADA Parsing Vulnerability

OVERVIEW Andrew Brooks identified and reported to The Zero Day Initiative ZDI a File Parsing Vulnerability: Schneider Electric StruxureWare SCADA Expert ClearSCADA ServerMain.exe OPF File Parsing Vulnerability. Schneider Electric has prepared workarounds and helped develop security upgrades for a...

6.8CVSS6.6AI score0.01487EPSS
Exploits0References10
ICS
ICS
added 2014/10/17 6:0 a.m.32 views

Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an uncontrolled resource consumption vulnerability in the Schneider Electric SCADA Expert ClearSCADA software. Schneider Electric has produced a new version that mitigates this vulnerability. Adam Crain has...

4.3CVSS7.2AI score0.01164EPSS
Exploits0References10
Rows per page
Query Builder