CVE-2014-5413

Published: Sep 18, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

Affected (9)

Products: Aveva: Clearscada · Schneider Electric: Scada Expert Clearscada

Aveva

1 product

Clearscada

Schneider Electric

1 product

Scada Expert Clearscada

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Aveva Clearscada	Version 2010 r3.1
Aveva Clearscada	Version 2010 r3
Aveva Clearscada	Version 2013 r1.1
Aveva Clearscada	Version 2013 r1.1a
Aveva Clearscada	Version 2013 r1.2
Aveva Clearscada	Version 2013 r1
Aveva Clearscada	Version 2013 r2
Schneider Electric Scada Expert Clearscada	Version 2013 r2.1
Schneider Electric Scada Expert Clearscada	Version 2014 r1

Related CWEs

CWE-310

References (3)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json

Source: ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.