Schneider Electric ClearSCADA <= 2013 R2 Remote Code Execution Vulnerability

medium Nessus Network Monitor Plugin ID 6984


A vulnerable version of Schneider Electric ClearSCADA has been detected.


ClearSCADA versions between 2010 R2 and 2013 R2 inclusive are affected by a remote code execution vulnerability related to the way the KepServer V4 component in the PLC Driver validates project file input. An attacker could cause a denial of service (application crash) or execute arbitrary code via a specially crafted project file.

Newer versions of ClearSCADA (i.e., 6.73.4729 and later) are referred to as "SCADA Expert ClearSCADA."


There is currently no fix available. The vendor advises uninstalling the PLC Driver.

See Also

Plugin Details

Severity: Medium

ID: 6984

Family: SCADA

Published: 4/25/2014

Updated: 3/6/2019

Nessus ID: 72703

Risk Information


Risk Factor: Medium

Score: 5.8


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P


Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:schneider-electric:clearscada

Vulnerability Publication Date: 1/24/2014

Reference Information

CVE: CVE-2014-0779

BID: 65476