CVE-2014-5412

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aveva:clearscada:2010:r3::::::
	cpe:2.3:a:aveva:clearscada:2010:r3.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1a::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.2::::::
	cpe:2.3:a:aveva:clearscada:2013:r2::::::
	cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1::::::
	cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1::::::

History

04 Nov 2025, 23:15

Type	Values Removed	Values Added
CWE		CWE-287
CVSS	v2 : ~~5.0~~ v3 : ~~unknown~~	v2 : 6.4 v3 : unknown
References		() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json - () https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a -

21 Nov 2024, 02:12

Type	Values Removed	Values Added
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01 - Third Party Advisory, US Government Resource

Information

Published : 2014-09-18 10:55

Updated : 2025-11-04 23:15

NVD link : CVE-2014-5412

Mitre link : CVE-2014-5412

CVE.ORG link : CVE-2014-5412

JSON object : View

Products Affected

aveva

clearscada

schneider-electric

scada_expert_clearscada

CWE

CWE-287

Improper Authentication

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-5412", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-09-18T10:55:11.687", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."}, {"lang": "es", "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA versiones desde 2010 R3 hasta 2014 R1 permite a atacantes remotos leer registros de la base de datos a trav\u00e9s del acceso con la cuenta de invitado."}], "lastModified": "2025-11-04T23:15:33.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD"}, {"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6"}, {"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}