6.4
CVE-2014-5412
- EPSS 0.54%
- Veröffentlicht 18.09.2014 10:55:11
- Zuletzt bearbeitet 04.11.2025 23:15:33
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSchneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aveva ≫ Clearscada Version2010 Updater3
Aveva ≫ Clearscada Version2010 Updater3.1
Aveva ≫ Clearscada Version2013 Updater1
Aveva ≫ Clearscada Version2013 Updater1.1
Aveva ≫ Clearscada Version2013 Updater1.1a
Aveva ≫ Clearscada Version2013 Updater1.2
Aveva ≫ Clearscada Version2013 Updater2
Schneider-electric ≫ Scada Expert Clearscada Version2013 Updater2.1
Schneider-electric ≫ Scada Expert Clearscada Version2014 Updater1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.666 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.