Improper Authentication Vulnerability in EcoStruxure Geo SCADA Expert by Schneider Electric
CVE-2019-6854

7.8 HIGH

Summary

An improper authentication vulnerability in EcoStruxure Geo SCADA Expert (ClearSCADA) allows low-privilege users who have access to the file system to potentially delete or modify critical database, setting, or certificate files. The issue affects versions released before January 1, 2019, specifically including ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. Exploitation requires that the user has been granted access to the operating system's file system, which makes restricting file system permissions for user accounts important.

Affected Version(s)

EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
