StruxureWare SCADA Expert ClearSCADA Remote Security Bypass

medium Nessus Plugin ID 80359


The remote web server is affected by an authentication bypass vulnerability.


The remote web server is a version of StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA) prior to version 2010 R3.2 / 2014 R1.1, or a version of 2013 R1 to 2013 R2.1. It is, therefore, affected by an authentication bypass vulnerability due to the default guest account not being restricted.


Change the default policy and remove guest account access to DBServer.

See Also

Plugin Details

Severity: Medium

ID: 80359

File Name: scada_clearscada_remote_security_bypass.nbin

Version: 1.68

Type: remote

Family: SCADA

Published: 1/5/2015

Updated: 7/19/2022

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:schneider-electric:clearscada, cpe:/a:schneider-electric:scada_expert_clearscada

Exploit Ease: No known exploits are available

Patch Publication Date: 10/6/2014

Vulnerability Publication Date: 10/6/2014

Reference Information

CVE: CVE-2014-5412

BID: 69840

ICSA: 14-259-01A