cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-24321,https://securityvulnerability.io/vulnerability/CVE-2022-24321,Denial of Service Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert by Schneider Electric,"A vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert that could lead to a Denial of Service (DoS) when the server receives a malformed HTTP request. This results from insufficient validation of certain requests, potentially causing the application to become unresponsive. It is crucial for users of the affected products to be aware of this issue to implement necessary mitigations and avoid disruptions in service. The vulnerability affects all versions of ClearSCADA and both the 2019 and 2020 editions of EcoStruxure Geo SCADA Expert. For detailed information, refer to the provided resources.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-09T22:05:12.000Z,0
CVE-2022-24320,https://securityvulnerability.io/vulnerability/CVE-2022-24320,Improper Certificate Validation Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert,"An improper certificate validation vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert, which could potentially allow attackers to execute Man-in-the-Middle attacks. This vulnerability arises when the communication between the client and the Geo SCADA database server is intercepted, enabling unauthorized access and data manipulation. It is crucial for users of these systems to implement necessary mitigations to secure their environments against potential exploits.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-02-09T22:05:11.000Z,0
CVE-2022-24319,https://securityvulnerability.io/vulnerability/CVE-2022-24319,Improper Certificate Validation in Geo SCADA Web Server by Schneider Electric,"The vulnerability stems from improper certificate validation mechanisms in the Geo SCADA web server, allowing the possibility of Man-in-the-Middle attacks. This issue arises when the communications between the client and the web server can be intercepted, potentially enabling attackers to spoof the server's identity. It affects multiple versions of ClearSCADA and EcoStruxure Geo SCADA Expert, making it crucial for users to apply necessary security measures to mitigate associated risks.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-02-09T22:05:10.000Z,0
CVE-2022-24318,https://securityvulnerability.io/vulnerability/CVE-2022-24318,Inadequate Encryption Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert Products,"An inadequate encryption strength issue has been identified within the ClearSCADA and EcoStruxure Geo SCADA Expert products. This vulnerability could potentially lead to non-encrypted communication between the client and server when using outdated versions of the ViewX client. Organizations utilizing these systems may be at risk of unauthorized data interception and exposure, emphasizing the need for timely updates and security measures.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2022-02-09T22:05:09.000Z,0
CVE-2021-22741,https://securityvulnerability.io/vulnerability/CVE-2021-22741,Password Hash Insufficient Computational Effort in ClearSCADA and EcoStruxure Geo SCADA,"A vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert products due to the use of password hashes with insufficient computational effort. This flaw can allow attackers to uncover account credentials if they gain access to server database files. Consequently, systems become susceptible to password decryption attacks, making this issue critical for users to address promptly. It is important to note that '.sde' configuration export files do not store user account password hashes.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), And Ecostruxure Geo Scada Expert 2020 (v83.7742.1 And Prior)",6.7,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-05-26T19:20:13.000Z,0