CVE-2014-5412

Description

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

Affected products

• Schneider Electric / ClearSCADA2010 R3 (build 72.4560) – 2010 R3 (build 72.4560)
• Schneider Electric / ClearSCADA2010 R3.1 (build 72.4644) – 2010 R3.1 (build 72.4644)
• Schneider Electric / ClearSCADA2010 R3.2 – 2010 R3.2
• Schneider Electric / SCADA Expert ClearSCADA2013 R1 (build 73.4729) – 2013 R1 (build 73.4729)
• Schneider Electric / SCADA Expert ClearSCADA2013 R1.1 (build 73.4832) – 2013 R1.1 (build 73.4832)
• Schneider Electric / SCADA Expert ClearSCADA2013 R1.1a (build 73.4903) – 2013 R1.1a (build 73.4903)
• Schneider Electric / SCADA Expert ClearSCADA2013 R1.2 (build 73.4955) – 2013 R1.2 (build 73.4955)
• Schneider Electric / SCADA Expert ClearSCADA2013 R2 (build 74.5094) – 2013 R2 (build 74.5094)
• Schneider Electric / SCADA Expert ClearSCADA2013 R2.1 (build 74.5192) – 2013 R2.1 (build 74.5192)
• Schneider Electric / SCADA Expert ClearSCADA2014 R1 (build 75.5210) – 2014 R1 (build 75.5210)
• Schneider Electric / SCADA Expert ClearSCADA2014 R1.1 – 2014 R1.1

References

• VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
• MISChttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json