Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Schneider Electric SCADA Expert ClearSCADA 2005 / 2007 / 2009 < 2009 R1.4 and R2.3 XSS

Medium

Synopsis

A vulnerable version of Schneider Electric SCADA Expert ClearSCADA has been detected.

Description

Schneider Electric SCADA Expert ClearSCADA versions 2005, 2007, and 2009 < 2009 R1.4 and R2.3 are affected by a reflective cross-site scripting vulnerability. An attacker could exploit this vulnerability to inject malicious code directly into the user's browsing session.

Solution

Upgrade to SCADA Expert ClearSCADA version 2009 R1.4, 2009 R2.3, 2010 R1, or later.