67 matches found
CVE-2022-24319
CVE-2022-24319 affects ClearSCADA (all versions) and EcoStruxure Geo SCADA Expert 2019/2020 (all versions). The underlying issue is CWE-295: improper certificate validation, enabling a potential Man‑in‑the‑Middle if communications between the client and Geo SCADA web server are intercepted. The a...
CVE-2022-24319
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo...
CVE-2022-24318
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...
CVE-2022-24318
CVE-2022-24318 affects ClearSCADA (All Versions) and EcoStruxure Geo SCADA Expert 2019/2020. The root cause is CWE-326: Inadequate Encryption Strength, causing non‑encrypted communication with the server when using outdated ViewX clients. The CVSS metrics updated show an attacker‑friendly network...
EcoStruxure Geo SCADA Expert 信任管理问题漏洞
EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable supervisory control and data acquisition SCADA software A trust management issue vulnerability exists in EcoStruxure Geo SCADA Expert that stems from a possible man-in-the-middle attack when communication between a client and t...
EcoStruxure Geo SCADA Expert 代码问题漏洞
EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable surveillance and data acquisition SCADA software A code issue vulnerability exists in EcoStruxure Geo SCADA Expert that stems from a denial of service to the Geo SCADA server when an improper HTTP request is received...
The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020 and EcoStruxure Geo SCADA Expert 2019 lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the protected information.
The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020 and EcoStruxure Geo SCADA Expert 2019 is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
CVE-2021-22741
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...
Design/Logic Flaw
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...
CVE-2021-22741
CVE-2021-22741 affects Schneider Electric ClearSCADA and EcoStruxure Geo SCADA Expert (2019 all versions; 2020 up to v83.7742.1). The issue is a Password Hash with Insufficient Computational Effort, which could allow an attacker with access to server database files to decrypt or reveal user crede...
CVE-2021-22741
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...
CVE-2020-28219
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....
CVE-2020-28219
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....
Design/Logic Flaw
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....
CVE-2020-28219
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....
Schneider Electric EcoStruxure Geo SCADA Expert License Issue Vulnerability
Schneider Electric EcoStruxure Geo SCADA Expert ClearSCADA is a suite of data acquisition and monitoring software SCADA from Schneider Electric, France. EcoStruxure Geo SCADA Expert 2019 has a security vulnerability that stems from insufficient credential protection, which could result in risk...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
CVE-2015-1014
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3....
Schneider Electric StruxureWare SCADA Expert ClearSCADA Parsing Vulnerability
OVERVIEW Andrew Brooks identified and reported to The Zero Day Initiative ZDI a File Parsing Vulnerability: Schneider Electric StruxureWare SCADA Expert ClearSCADA ServerMain.exe OPF File Parsing Vulnerability. Schneider Electric has prepared workarounds and helped develop security upgrades for a...
Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an uncontrolled resource consumption vulnerability in the Schneider Electric SCADA Expert ClearSCADA software. Schneider Electric has produced a new version that mitigates this vulnerability. Adam Crain has...