ID

VAR-201501-0769


TITLE

ClearSCADA 'dbserver.exe' Remote Authentication Bypass Vulnerability

Trust: 1.1

sources: IVD: b251d472-1e95-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00896 // BID: 72381

DESCRIPTION

ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA is an open software platform designed by Schneider Electric of France for SCADA systems with multiple remote controllers and sensors. It is also an important part of telemetry and remote SCADA system solutions, used to remotely manage critical infrastructure. A remote authentication bypass vulnerability exists in Schneider Electric ClearSCADA. Attackers can use this vulnerability to bypass the authentication mechanism and obtain sensitive information. The vulnerability exists in Schneider Electric ClearSCADA 2010R1; other versions may also be affected. ClearSCADA is prone to a remote authentication-bypass vulnerability.

Trust: 1.53

sources: CNVD: CNVD-2015-00896 // CNNVD: CNNVD-201502-037 // BID: 72381 // IVD: b251d472-1e95-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: b251d472-1e95-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00896

AFFECTED PRODUCTS

vendor: clearscada, model: 2010r1, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: clearscada r1, scope: eq, version: 2010

Trust: 0.3

vendor: clearscada, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: b251d472-1e95-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00896 // BID: 72381

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-00896
value: MEDIUM

Trust: 0.6

IVD: b251d472-1e95-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2015-00896
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b251d472-1e95-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: b251d472-1e95-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00896

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-037

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201502-037

EXTERNAL IDS

db: BID, id: 72381

Trust: 1.5

db: CNVD, id: CNVD-2015-00896

Trust: 0.8

db: CNNVD, id: CNNVD-201502-037

Trust: 0.6

db: IVD, id: B251D472-1E95-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: b251d472-1e95-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00896 // BID: 72381 // CNNVD: CNNVD-201502-037

REFERENCES

url: http://www.securityfocus.com/bid/72381

Trust: 1.2

url: http://www.clearscada.com/index.cfm

Trust: 0.3

sources: CNVD: CNVD-2015-00896 // BID: 72381 // CNNVD: CNNVD-201502-037

CREDITS

Jeremy Brown

Trust: 0.9

sources: BID: 72381 // CNNVD: CNNVD-201502-037

SOURCES

db: IVD, id: b251d472-1e95-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-00896
db: BID, id: 72381
db: CNNVD, id: CNNVD-201502-037

LAST UPDATE DATE

2022-05-17T01:51:06.006000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-00896, date: 2015-02-04T00:00:00
db: BID, id: 72381, date: 2015-01-29T00:00:00
db: CNNVD, id: CNNVD-201502-037, date: 2015-02-03T00:00:00

SOURCES RELEASE DATE

db: IVD, id: b251d472-1e95-11e6-abef-000c29c66e3d, date: 2015-02-04T00:00:00
db: CNVD, id: CNVD-2015-00896, date: 2015-02-03T00:00:00
db: BID, id: 72381, date: 2015-01-29T00:00:00
db: CNNVD, id: CNNVD-201502-037, date: 2015-01-29T00:00:00