Cryptographic Vulnerability in Schneider Electric SCADA System
CVE-2014-5413

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Clearscada; Scada Expert Clearscada
Vendor: CVE Published:; 18 September 2014

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2014-5413?

Schneider Electric StruxureWare SCADA Expert ClearSCADA from versions 2010 R3 through 2014 R1 employs the MD5 hashing algorithm for X.509 certificates. This reliance on the MD5 algorithm introduces significant security risks, enabling remote attackers to exploit vulnerabilities in the cryptographic implementation and potentially spoof server identities. Such spoofing can lead to unauthorized access and manipulation of critical SCADA system functions.

Affected Version(s)

ClearSCADA 2010 R3 (build 72.4560)

ClearSCADA 2010 R3.1 (build 72.4644)

SCADA Expert ClearSCADA 2013 R1 (build 73.4729)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-2...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2014
Vulnerability Reserved
Aug 22, 2014

CVE-2014-5413 Data

JSON