Schneider Electric SCADA Expert ClearSCADA 2005 / 2007 / 2009 < 2009 R1.4 and R2.3 XSS

Medium Nessus Network Monitor Plugin ID 8756


A vulnerable version of Schneider Electric SCADA Expert ClearSCADA has been detected.


Schneider Electric SCADA Expert ClearSCADA versions 2005, 2007, and 2009 &lt; 2009 R1.4 and R2.3 are affected by a reflective cross-site scripting vulnerability. An attacker could exploit this vulnerability to inject malicious code directly into the user's browsing session.


Upgrade to SCADA Expert ClearSCADA version 2009 R1.4, 2009 R2.3, 2010 R1, or later.

See Also

Plugin Details

Severity: Medium

ID: 8756

Family: SCADA

Published: 2015/07/17

Modified: 2016/02/05

Dependencies: 6313

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


Base Score: 3.6

Temporal Score: 3.2


Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:schneider-electric:scada_expert_clearscada

Patch Publication Date: 2011/08/16

Vulnerability Publication Date: 2011/08/16

Reference Information

CVE: CVE-2011-3144

BID: 73823