Details of VAR-201309-0480

ID

VAR-201309-0480

TITLE

ClearSCADA Web Request Handling Remote Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-13325

DESCRIPTION

ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA handles a WEB request with an error that allows a remote attacker to exploit a vulnerability to submit a malicious request, trigger an exception, and crash the application. ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to trigger an exception and cause denial-of-service condition

Trust: 0.99

sources: CNVD: CNVD-2013-13325 // BID: 62635 // IVD: e5e04396-1f08-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e5e04396-1f08-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13325

AFFECTED PRODUCTS

vendor:	schneider	model:	electric clearscada	scope:	eq	version:	2013	Trust: 0.8
vendor:	schneider electric	model:	clearscada r1.1a	scope:	eq	version:	2013	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.1	scope:	eq	version:	2013	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1	scope:	eq	version:	2013	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.2	scope:	ne	version:	2013	Trust: 0.3

sources: IVD: e5e04396-1f08-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13325 // BID: 62635

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-13325
value:	MEDIUM
Trust: 0.6
IVD:	e5e04396-1f08-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2013-13325
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e5e04396-1f08-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e5e04396-1f08-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13325

THREAT TYPE

network

Trust: 0.3

sources: BID: 62635

TYPE

Design Error

Trust: 0.3

sources: BID: 62635

PATCH

title:

ClearSCADA Web Request to Handle Patch for Remote Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/39879

Trust: 0.6

sources: CNVD: CNVD-2013-13325

EXTERNAL IDS

db:	SCHNEIDER	id:	SEVD-2013-213-01	Trust: 0.9
db:	CNVD	id:	CNVD-2013-13325	Trust: 0.8
db:	SECUNIA	id:	54931	Trust: 0.6
db:	BID	id:	62635	Trust: 0.3
db:	IVD	id:	E5E04396-1F08-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: e5e04396-1f08-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13325 // BID: 62635

REFERENCES

url:	http://download.schneider-electric.com/files?p_file_id=167024844&p_file_name=sevd-2013-213-01-clearscada.pdf	Trust: 0.9
url:	http://www.secunia.com/advisories/54931/	Trust: 0.6
url:	http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/	Trust: 0.3

sources: CNVD: CNVD-2013-13325 // BID: 62635

CREDITS

Automation Solutions Inc.

Trust: 0.3

sources: BID: 62635

SOURCES

db:	IVD	id:	e5e04396-1f08-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-13325
db:	BID	id:	62635

LAST UPDATE DATE

2022-05-17T01:48:04.339000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13325	date:	2013-09-29T00:00:00
db:	BID	id:	62635	date:	2013-08-01T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e5e04396-1f08-11e6-abef-000c29c66e3d	date:	2013-09-29T00:00:00
db:	CNVD	id:	CNVD-2013-13325	date:	2013-09-27T00:00:00
db:	BID	id:	62635	date:	2013-08-01T00:00:00