Cross-Site Scripting Vulnerability in Schneider Electric StruxureWare SCADA Expert
CVE-2014-5411

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Scada Expert Clearscada; Clearscada
Vendor: CVE Published:; 18 September 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in Schneider Electric's StruxureWare SCADA Expert ClearSCADA versions 2010 R3 through 2014 R1. These vulnerabilities allow remote authenticated users to inject arbitrary web scripts or HTML through unspecified vectors, potentially leading to unauthorized data manipulation and security breaches. Proper validation and sanitization of user input are crucial in mitigating the risks associated with such vulnerabilities.

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

x_refsource_MISC

Timeline

Vulnerability published
Sep 18, 2014
Vulnerability Reserved
Aug 22, 2014