EUVD-2014-5299

Malware in sbrugna...

Information disclosure

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 formerly known as...

PT-2023-1235 · Schneider Electric · Ecostruxure Geo Scada Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Geo SCADA Expert versions 2019 through 2021 ClearSCADA all versions Description: A vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. This...

CVE-2015-1014

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3....

Schneider Electric StruxureWare SCADA Expert ClearSCADA Parsing Vulnerability

OVERVIEW Andrew Brooks identified and reported to The Zero Day Initiative ZDI a File Parsing Vulnerability: Schneider Electric StruxureWare SCADA Expert ClearSCADA ServerMain.exe OPF File Parsing Vulnerability. Schneider Electric has prepared workarounds and helped develop security upgrades for a...

Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an uncontrolled resource consumption vulnerability in the Schneider Electric SCADA Expert ClearSCADA software. Schneider Electric has produced a new version that mitigates this vulnerability. Adam Crain has...

Schneider Electric SCADA Expert ClearSCADA < 2014 R1.1 and Schneider Electric ClearSCADA < 2010 R3.2 Multiple Vulnerabilities

Binary data 8391.prm...

Schneider Electric SCADA Expert ClearSCADA Authentication Bypass (CVE-2014-5412)

An information disclosure vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. This vulnerability is due to insufficient restrictions of the preconfigured guest account. A remote attacker can exploit this vulnerability to disclose sensitive system information...

CVE-2013-6142

DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service resource consumption via IP packets containing errors that trigger event-journal messages...