Description
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
References (3)
Core 3
Core References
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
Scores
EPSS
0.0054
EPSS Percentile
67.6%
Details
CWE
CWE-287
CWE-264
Status
published
Products (15)
aveva/clearscada
2010 r3 (2 CPE variants)
aveva/clearscada
2013 r1 (5 CPE variants)
Schneider Electric/ClearSCADA
2010 R3 (build 72.4560)
Schneider Electric/ClearSCADA
2010 R3.1 (build 72.4644)
Schneider Electric/ClearSCADA
2010 R3.2
Schneider Electric/SCADA Expert ClearSCADA
2013 R1 (build 73.4729)
Schneider Electric/SCADA Expert ClearSCADA
2013 R1.1 (build 73.4832)
Schneider Electric/SCADA Expert ClearSCADA
2013 R1.1a (build 73.4903)
Schneider Electric/SCADA Expert ClearSCADA
2013 R1.2 (build 73.4955)
Schneider Electric/SCADA Expert ClearSCADA
2013 R2 (build 74.5094)
... and 5 more
Published
Sep 18, 2014
Tracked Since
Feb 18, 2026