CVE-2014-5411

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:S/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aveva:clearscada:2010:r3::::::
	cpe:2.3:a:aveva:clearscada:2010:r3.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1a::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.2::::::
	cpe:2.3:a:aveva:clearscada:2013:r2::::::
	cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1::::::
	cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1::::::

History

04 Nov 2025, 23:15

Type	Values Removed	Values Added
References		() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json - () https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a -
CVSS	v2 : ~~3.5~~ v3 : ~~unknown~~	v2 : 4.9 v3 : unknown

21 Nov 2024, 02:11

Type	Values Removed	Values Added
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01 - Third Party Advisory, US Government Resource

Information

Published : 2014-09-18 10:55

Updated : 2025-11-04 23:15

NVD link : CVE-2014-5411

Mitre link : CVE-2014-5411

CVE.ORG link : CVE-2014-5411

JSON object : View

Products Affected

aveva

clearscada

schneider-electric

scada_expert_clearscada

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2014-5411", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-09-18T10:55:11.640", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 hasta 2014 R1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-11-04T23:15:33.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD"}, {"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6"}, {"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}