Cryptographic Vulnerability in Schneider Electric SCADA System
CVE-2014-5413

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Scada Expert Clearscada; Clearscada
Vendor: CVE Published:; 18 September 2014

Summary

Schneider Electric StruxureWare SCADA Expert ClearSCADA from versions 2010 R3 through 2014 R1 employs the MD5 hashing algorithm for X.509 certificates. This reliance on the MD5 algorithm introduces significant security risks, enabling remote attackers to exploit vulnerabilities in the cryptographic implementation and potentially spoof server identities. Such spoofing can lead to unauthorized access and manipulation of critical SCADA system functions.

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

x_refsource_MISC

Timeline

Vulnerability published
Sep 18, 2014
Vulnerability Reserved
Aug 22, 2014