CVE-2014-5412

Aveva Clearscada - Authentication Bypass

Title source: rule

Description

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

References (3)

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json

View Writeup ZIP pw:eip

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a

Scores

EPSS 0.0054

EPSS Percentile 67.2%

Classification

CWE

CWE-287 CWE-264

Status draft

Affected Products (9)

aveva/clearscada

schneider-electric/scada_expert_clearscada

Timeline

Published Sep 18, 2014

Tracked Since Feb 18, 2026