Remote Database Access Vulnerability in Schneider Electric StruxureWare SCADA Expert
CVE-2014-5412

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Scada Expert Clearscada; Clearscada
Vendor: CVE Published:; 18 September 2014

Summary

The vulnerability within Schneider Electric's StruxureWare SCADA Expert ClearSCADA allows unauthorized remote attackers to read sensitive database records by exploiting privileges associated with the guest account. This loophole poses significant risks for the integrity of operational data, potentially leading to further exploitation if not addressed promptly. It underscores the importance of enforcing robust access control measures and monitoring for unusual activities within industrial control systems.

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

x_refsource_MISC

Timeline

Vulnerability published
Sep 18, 2014
Vulnerability Reserved
Aug 22, 2014