CVE-2022-24318

Published: Feb 9, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Affected (3)

Products: Schneider Electric: Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020

Schneider Electric

3 products

Clearscada

Ecostruxure Geo Scada Expert 2019

Ecostruxure Geo Scada Expert 2020

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Clearscada	All versions
Schneider Electric Ecostruxure Geo Scada Expert 2019	All versions
Schneider Electric Ecostruxure Geo Scada Expert 2020	All versions

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.