Details of VAR-201409-0723

ID

VAR-201409-0723

CVE

CVE-2014-5412

TITLE

Schneider Electric ClearSCADA Remote Security Bypass Vulnerability

Trust: 0.8

sources: IVD: dcf002d8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06087

DESCRIPTION

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure

Trust: 2.7

sources: NVD: CVE-2014-5412 // JVNDB: JVNDB-2014-004283 // CNVD: CNVD-2014-06087 // BID: 69840 // IVD: dcf002d8-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-73353

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: dcf002d8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06087

AFFECTED PRODUCTS

vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2014	Trust: 1.6
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013	Trust: 1.6
vendor:	clearscada	model:	-	scope:	eq	version:	2013	Trust: 1.0
vendor:	aveva	model:	clearscada	scope:	eq	version:	2010	Trust: 1.0
vendor:	aveva	model:	clearscada	scope:	eq	version:	2013	Trust: 1.0
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010 r3 (build 72.4560)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010 r3.1 (build 72.4644)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1 (build 73.4729)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1.1 (build 73.4832)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1.1a (build 73.4903)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1.2 (build 73.4955)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r2 (build 74.5094)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r2.1 (build 74.5192)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2014 r1 (build 75.5210)	Trust: 0.8
vendor:	schneider	model:	electric clearscada	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010	Trust: 0.6
vendor:	clearscada	model:	-	scope:	eq	version:	2010	Trust: 0.4
vendor:	scada expert clearscada	model:	-	scope:	eq	version:	2013	Trust: 0.2
vendor:	scada expert clearscada	model:	-	scope:	eq	version:	2014	Trust: 0.2

sources: IVD: dcf002d8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06087 // JVNDB: JVNDB-2014-004283 // CNNVD: CNNVD-201409-657 // NVD: CVE-2014-5412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-5412
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-5412
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-06087
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201409-657
value:	MEDIUM
Trust: 0.6
IVD:	dcf002d8-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-73353
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-5412
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06087
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	dcf002d8-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-73353
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: dcf002d8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06087 // VULHUB: VHN-73353 // JVNDB: JVNDB-2014-004283 // CNNVD: CNNVD-201409-657 // NVD: CVE-2014-5412

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-73353 // JVNDB: JVNDB-2014-004283 // NVD: CVE-2014-5412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-657

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201409-657

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004283

PATCH

title:

StruxureWare SCADA Expert ClearSCADA

url:

http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA&xtcr=1

Trust: 0.8

sources: JVNDB: JVNDB-2014-004283

EXTERNAL IDS

db:	NVD	id:	CVE-2014-5412	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-259-01	Trust: 2.8
db:	BID	id:	69840	Trust: 1.0
db:	CNNVD	id:	CNNVD-201409-657	Trust: 0.9
db:	CNVD	id:	CNVD-2014-06087	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004283	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-259-01A	Trust: 0.3
db:	IVD	id:	DCF002D8-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-73353	Trust: 0.1

sources: IVD: dcf002d8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06087 // VULHUB: VHN-73353 // BID: 69840 // JVNDB: JVNDB-2014-004283 // CNNVD: CNNVD-201409-657 // NVD: CVE-2014-5412

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-14-259-01	Trust: 2.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5412	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5412	Trust: 0.8
url:	http://www.securityfocus.com/bid/69840	Trust: 0.6
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-14-259-01a	Trust: 0.3

sources: CNVD: CNVD-2014-06087 // VULHUB: VHN-73353 // BID: 69840 // JVNDB: JVNDB-2014-004283 // CNNVD: CNNVD-201409-657 // NVD: CVE-2014-5412

CREDITS

CERT

Trust: 0.3

sources: BID: 69840

SOURCES

db:	IVD	id:	dcf002d8-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-06087
db:	VULHUB	id:	VHN-73353
db:	BID	id:	69840
db:	JVNDB	id:	JVNDB-2014-004283
db:	CNNVD	id:	CNNVD-201409-657
db:	NVD	id:	CVE-2014-5412

LAST UPDATE DATE

2025-04-13T23:22:32.386000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06087	date:	2014-09-19T00:00:00
db:	VULHUB	id:	VHN-73353	date:	2018-12-31T00:00:00
db:	BID	id:	69840	date:	2015-03-19T08:46:00
db:	JVNDB	id:	JVNDB-2014-004283	date:	2014-09-19T00:00:00
db:	CNNVD	id:	CNNVD-201409-657	date:	2014-09-19T00:00:00
db:	NVD	id:	CVE-2014-5412	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	dcf002d8-2351-11e6-abef-000c29c66e3d	date:	2014-09-19T00:00:00
db:	CNVD	id:	CNVD-2014-06087	date:	2014-09-19T00:00:00
db:	VULHUB	id:	VHN-73353	date:	2014-09-18T00:00:00
db:	BID	id:	69840	date:	2014-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004283	date:	2014-09-19T00:00:00
db:	CNNVD	id:	CNNVD-201409-657	date:	2014-09-19T00:00:00
db:	NVD	id:	CVE-2014-5412	date:	2014-09-18T10:55:11.687