9 matches found
CVE-2014-0779
The CVE-2014-0779 issue affects the Kepware KepServerEX V4 PLC Driver in the ServerMain.exe component of Schneider Electric StruxureWare SCADA Expert ClearSCADA, impacting multiple release/build combos listed in the NVD entry (2010 R2, 2010 R2.1, 2010 R3, 2010 R3.1, 2013 R1, 2013 R1.1, 2013 R1.1a...
CVE-2014-5412
Schneider Electric SCADA Expert ClearSCADA/ ClearSCADA (2010 R3 through 2014 R1) contains an authentication bypass via the default guest account, enabling remote disclosure of database records. Root cause: guest user’s read access exposes sensitive data without login. Affected products/versions: ...
CVE-2011-3144
CVE-2011-3144 is an XSS vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 up to R2.3 and R1.4, used with SCX up to 67 R4.5 and 68 R3.9. Remote attackers can inject arbitrary web script/HTML via unspecified vectors. Affected components and exact vectors are not detailed in the ...
CVE-2014-5413
CVE-2014-5413 affects Schneider Electric StruxureWare SCADA Expert ClearSCADA (2010 R3 through 2014 R1). The root issue is weak cryptographic controls: the self-signed web certificate uses MD5, enabling potential cryptographic spoofing of servers. Additionally, ICS-CERT describes a cross-site scr...
CVE-2017-6021
The CVE-2017-6021 issue affects Schneider Electric ClearSCADA server and communications driver processes. Affected versions include 2014 R1 (build 75.5210) and prior, 2014 R1.1 (75.5387) and prior, 2015 R1 (76.5648) and prior, and 2015 R2 (77.5882) and prior. The root cause is improper input vali...
CVE-2013-6142
Summary (MODE C): Schneider Electric ClearSCADA/SCADA Expert ClearSCADA 2010 R2–R3.x and 2013 R1–R1.2 are affected by CVE-2013-6142, an uncontrolled resource consumption vulnerability in the DNP3 driver (DNP3Driver.exe). Specially crafted IP frames can trigger event journal flooding, potentially ...
CVE-2011-3143
CVE-2011-3143 is a use-after-free in Control Microsystems ClearSCADA 2005/2007/2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9. The vulnerability allows remote attackers to trigger heap memory corruption via unspecified long strings, causing a denial of service crash and pote...
CVE-2014-5411
Schneider Electric SCADA Expert ClearSCADA (ClearSCADA 2010 R3 through 2014 R1; SCADA Expert ClearSCADA 2013/2014 R1 variants) is affected by CVE-2014-5411, a cross-site scripting (XSS) vulnerability combined with an authentication bypass and a weak MD5-based self-signed certificate issue. The IC...
CVE-2017-9962
CVE-2017-9962 affects Schneider Electric ClearSCADA; versions released before August 2017 are vulnerable to a memory allocation issue triggered by malformed requests to ClearSCADA client applications, including ViewX and the Server Icon. The underlying cause and affected components are described ...