CVE-2014-5412

Published: Sep 18, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

Affected (9)

Products: Aveva: Clearscada · Schneider Electric: Scada Expert Clearscada

Aveva

1 product

Clearscada

Schneider Electric

1 product

Scada Expert Clearscada

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Aveva Clearscada	Version 2010 r3.1
Aveva Clearscada	Version 2010 r3
Aveva Clearscada	Version 2013 r1.1
Aveva Clearscada	Version 2013 r1.1a
Aveva Clearscada	Version 2013 r1.2
Aveva Clearscada	Version 2013 r1
Aveva Clearscada	Version 2013 r2
Schneider Electric Scada Expert Clearscada	Version 2013 r2.1
Schneider Electric Scada Expert Clearscada	Version 2014 r1

Related CWEs

CWE-264

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (3)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json

Source: ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.