Detections
Analytics

Schneider Electric SCADA Expert ClearSCADA 2005 / 2007 / 2009 < 2009 R2.4 / 2010 < 2010 R1.1 Remote Authentication Bypass

medium Nessus Network Monitor Plugin ID 8610

Synopsis

A vulnerable version of Schneider Electric SCADA Expert ClearSCADA has been detected.

Description

Schneider Electric SCADA Expert ClearSCADA versions 2005, 2007, 2009, and 2010 < 2010 R1.1 are prone to a remote authentication bypass vulnerability because of improper exception handling. Specifically, this issue affects the 'dbserver.exe' file. An attacker may exploit this issue to gain access to sensitive information and modify certain functions.

Solution

Upgrade to SCADA Expert ClearSCADA version 2009 R2.4, 2010 R1.1, or later.

See Also

http://www.nessus.org/u?291ccce6

https://ics-cert.us-cert.gov/advisories/ICSA-11-173-01

Plugin Details

Severity: Medium

ID: 8610

Family: SCADA

Published: 7/17/2015

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:schneider-electric:scada_expert_clearscada

Patch Publication Date: 8/25/2011

Vulnerability Publication Date: 8/25/2011

Reference Information

BID: 72381