StruxureWare SCADA Expert ClearSCADA Remote Security Bypass
Medium Nessus Plugin ID 80359
SynopsisThe remote web server is affected by an authentication bypass vulnerability.
DescriptionThe remote web server is a version of StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA) prior to version 2010 R3.2 / 2014 R1.1, or a version of 2013 R1 to 2013 R2.1. It is, therefore, affected by an authentication bypass vulnerability due to the default guest account not being restricted.
SolutionChange the default policy and remove guest account access to DBServer.