CVE-2014-5413

Schneider Electric ClearSCADA 2010 R3-2014 R1 - Remote Server Spoofing via MD5 X.509 Certificate

Title source: llm

Description

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

References (3)

Core 3

Core References

Various Sources

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json

View Writeup ZIP pw:eip

Third Party Advisory, US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a

Scores

EPSS 0.0103

EPSS Percentile 59.1%

Details

CWE

CWE-310

Status published

Products (15)

aveva/clearscada 2010 r3 (2 CPE variants)

aveva/clearscada 2013 r1 (5 CPE variants)

Schneider Electric/ClearSCADA 2010 R3 (build 72.4560)

Schneider Electric/ClearSCADA 2010 R3.1 (build 72.4644)

Schneider Electric/ClearSCADA 2010 R3.2

Schneider Electric/SCADA Expert ClearSCADA 2013 R1 (build 73.4729)

Schneider Electric/SCADA Expert ClearSCADA 2013 R1.1 (build 73.4832)

Schneider Electric/SCADA Expert ClearSCADA 2013 R1.1a (build 73.4903)

Schneider Electric/SCADA Expert ClearSCADA 2013 R1.2 (build 73.4955)

Schneider Electric/SCADA Expert ClearSCADA 2013 R2 (build 74.5094)

... and 5 more

Published Sep 18, 2014

Tracked Since Feb 18, 2026