StruxureWare SCADA Expert ClearSCADA Remote Security Bypass

Medium Nessus Plugin ID 80359


The remote web server is affected by an authentication bypass vulnerability.


The remote web server is a version of StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA) prior to version 2010 R3.2 / 2014 R1.1, or a version of 2013 R1 to 2013 R2.1. It is, therefore, affected by an authentication bypass vulnerability due to the default guest account not being restricted.


Change the default policy and remove guest account access to DBServer.

Plugin Details

Severity: Medium

ID: 80359

File Name: scada_clearscada_remote_security_bypass.nbin

Version: $Revision: 1.25 $

Type: remote

Family: SCADA

Published: 2015/01/05

Modified: 2018/01/29

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:schneider-electric:clearscada, cpe:/a:schneider-electric:scada_expert_clearscada

Patch Publication Date: 2014/10/06

Vulnerability Publication Date: 2014/10/06

Reference Information

CVE: CVE-2014-5412

BID: 69840

OSVDB: 111239

ICSA: 14-259-01A