CVE-2022-24321

Published: Feb 9, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Affected (3)

Products: Schneider Electric: Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020

Schneider Electric

3 products

Clearscada

Ecostruxure Geo Scada Expert 2019

Ecostruxure Geo Scada Expert 2020

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Clearscada	All versions
Schneider Electric Ecostruxure Geo Scada Expert 2019	All versions
Schneider Electric Ecostruxure Geo Scada Expert 2020	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.