CVE-2014-5412

Schneider Electric ClearSCADA 2010 R3-2014 R1 - Unauthenticated Database Record Read via Guest Account

Title source: llm

Description

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

References (3)

Core 3

Core References

Various Sources

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json

View Writeup ZIP pw:eip

Third Party Advisory, US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a

Scores

EPSS 0.0157

EPSS Percentile 72.2%

Details

CWE

CWE-264 CWE-287

Status published

Products (15)

aveva/clearscada 2010 r3 (2 CPE variants)

aveva/clearscada 2013 r1 (5 CPE variants)

Schneider Electric/ClearSCADA 2010 R3 (build 72.4560)

Schneider Electric/ClearSCADA 2010 R3.1 (build 72.4644)

Schneider Electric/ClearSCADA 2010 R3.2

Schneider Electric/SCADA Expert ClearSCADA 2013 R1 (build 73.4729)

Schneider Electric/SCADA Expert ClearSCADA 2013 R1.1 (build 73.4832)

Schneider Electric/SCADA Expert ClearSCADA 2013 R1.1a (build 73.4903)

Schneider Electric/SCADA Expert ClearSCADA 2013 R1.2 (build 73.4955)

Schneider Electric/SCADA Expert ClearSCADA 2013 R2 (build 74.5094)

... and 5 more

Published Sep 18, 2014

Tracked Since Feb 18, 2026