CVE-2014-5413

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aveva:clearscada:2010:r3::::::
	cpe:2.3:a:aveva:clearscada:2010:r3.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1a::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.2::::::
	cpe:2.3:a:aveva:clearscada:2013:r2::::::
	cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1::::::
	cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1::::::

History

04 Nov 2025, 23:15

Type	Values Removed	Values Added
References		() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json - () https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a -
CVSS	v2 : ~~5.0~~ v3 : ~~unknown~~	v2 : 6.4 v3 : unknown

21 Nov 2024, 02:12

Type	Values Removed	Values Added
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01 - Third Party Advisory, US Government Resource

Information

Published : 2014-09-18 10:55

Updated : 2025-11-04 23:15

NVD link : CVE-2014-5413

Mitre link : CVE-2014-5413

CVE.ORG link : CVE-2014-5413

JSON object : View

Products Affected

aveva

clearscada

schneider-electric

scada_expert_clearscada

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-5413", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-09-18T10:55:11.733", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-310"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm."}, {"lang": "es", "value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 hasta 2014 R1 utiliza el algoritmo MD5 para certificados X.509, lo cual facilita a atacantes remotos falsificar servidores a trav\u00e9s de ataques criptogr\u00e1ficos contra este algoritmo"}], "lastModified": "2025-11-04T23:15:33.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394"}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD"}, {"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B6A429-6195-4213-A851-AF95A9C187F6"}, {"criteria": "cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84521A6D-AB6D-4518-A642-9BA4400DC599"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}