Sign-up

ID

VAR-201409-0724


CVE

CVE-2014-5413


TITLE

Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation

Trust: 0.8

sources: JVNDB: JVNDB-2014-004284

DESCRIPTION

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1

Trust: 2.7

sources: NVD: CVE-2014-5413 // JVNDB: JVNDB-2014-004284 // CNVD: CNVD-2014-06121 // BID: 69842 // IVD: dcfe0734-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-73354

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: dcfe0734-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06121

AFFECTED PRODUCTS

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2014

Trust: 1.6

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013

Trust: 1.6

vendor:clearscadamodel: - scope:eqversion:2013

Trust: 1.0

vendor:avevamodel:clearscadascope:eqversion:2010

Trust: 1.0

vendor:avevamodel:clearscadascope:eqversion:2013

Trust: 1.0

vendor:schneider electricmodel:clearscadascope:eqversion:2010 r3 (build 72.4560)

Trust: 0.8

vendor:schneider electricmodel:clearscadascope:eqversion:2010 r3.1 (build 72.4644)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1 (build 73.4729)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1.1 (build 73.4832)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1.1a (build 73.4903)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1.2 (build 73.4955)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r2 (build 74.5094)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r2.1 (build 74.5192)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2014 r1 (build 75.5210)

Trust: 0.8

vendor:schneidermodel:electric clearscada r3-2014 r1scope:eqversion:2010

Trust: 0.6

vendor:schneider electricmodel:clearscadascope:eqversion:2010

Trust: 0.6

vendor:clearscadamodel: - scope:eqversion:2010

Trust: 0.4

vendor:scada expert clearscadamodel: - scope:eqversion:2013

Trust: 0.2

vendor:scada expert clearscadamodel: - scope:eqversion:2014

Trust: 0.2

sources: IVD: dcfe0734-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06121 // JVNDB: JVNDB-2014-004284 // CNNVD: CNNVD-201409-658 // NVD: CVE-2014-5413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5413
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-5413
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-06121
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201409-658
value: MEDIUM

Trust: 0.6

IVD: dcfe0734-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-73354
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-5413
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-5413
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-06121
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: dcfe0734-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-73354
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: dcfe0734-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06121 // VULHUB: VHN-73354 // JVNDB: JVNDB-2014-004284 // CNNVD: CNNVD-201409-658 // NVD: CVE-2014-5413

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-73354 // JVNDB: JVNDB-2014-004284 // NVD: CVE-2014-5413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-658

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201409-658

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004284

PATCH
title:StruxureWare SCADA Expert ClearSCADAurl:http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA&xtcr=1
Trust: 0.8
title:Schneider Electric ClearSCADA has patches for remote unknown vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/50145
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-06121 // 
            
            
            
            JVNDB: JVNDB-2014-004284

EXTERNAL IDS
db:NVDid:CVE-2014-5413
Trust: 3.6
db:ICS CERTid:ICSA-14-259-01
Trust: 2.5
db:BIDid:69842
Trust: 1.0
db:CNNVDid:CNNVD-201409-658
Trust: 0.9
db:CNVDid:CNVD-2014-06121
Trust: 0.8
db:JVNDBid:JVNDB-2014-004284
Trust: 0.8
db:IVDid:DCFE0734-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-73354
Trust: 0.1
sources:
            
            
            IVD: dcfe0734-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-06121 // 
            
            
            
            VULHUB: VHN-73354 // 
            
            
            
            BID: 69842 // 
            
            
            
            JVNDB: JVNDB-2014-004284 // 
            
            
            
            CNNVD: CNNVD-201409-658 // 
            
            
            
            NVD: CVE-2014-5413

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-14-259-01
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413
Trust: 0.8
url:http://www.securityfocus.com/bid/69842/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-06121 // 
            
            
            
            VULHUB: VHN-73354 // 
            
            
            
            JVNDB: JVNDB-2014-004284 // 
            
            
            
            CNNVD: CNNVD-201409-658 // 
            
            
            
            NVD: CVE-2014-5413

CREDITS
Aditya Sood
Trust: 0.3
sources:
            
            
            BID: 69842

SOURCES
db:IVDid:dcfe0734-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-06121
db:VULHUBid:VHN-73354
db:BIDid:69842
db:JVNDBid:JVNDB-2014-004284
db:CNNVDid:CNNVD-201409-658
db:NVDid:CVE-2014-5413

LAST UPDATE DATE
2025-04-13T23:22:32.347000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-06121date:2014-09-22T00:00:00
db:VULHUBid:VHN-73354date:2018-12-31T00:00:00
db:BIDid:69842date:2014-10-08T07:00:00
db:JVNDBid:JVNDB-2014-004284date:2014-09-19T00:00:00
db:CNNVDid:CNNVD-201409-658date:2014-09-22T00:00:00
db:NVDid:CVE-2014-5413date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:dcfe0734-2351-11e6-abef-000c29c66e3ddate:2014-09-22T00:00:00
db:CNVDid:CNVD-2014-06121date:2014-09-22T00:00:00
db:VULHUBid:VHN-73354date:2014-09-18T00:00:00
db:BIDid:69842date:2014-09-16T00:00:00
db:JVNDBid:JVNDB-2014-004284date:2014-09-19T00:00:00
db:CNNVDid:CNNVD-201409-658date:2014-09-22T00:00:00
db:NVDid:CVE-2014-5413date:2014-09-18T10:55:11.733