cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-0595,https://securityvulnerability.io/vulnerability/CVE-2023-0595,Improper Log Output Neutralization Vulnerability in EcoStruxure Geo SCADA by Schneider Electric,"A vulnerability exists in EcoStruxure Geo SCADA and ClearSCADA products that allows improper output neutralization for log files. This flaw could enable the misinterpretation of log entries due to the processing of malicious packets sent to the database web port, typically at port 443. Exploitation of this vulnerability could result in significant security risks, as it may allow unauthorized access or manipulation of the log contents, impacting operational integrity and confidentiality.",Schneider Electric,"Ecostruxure Geo Scada Expert 2019,Ecostruxure Geo Scada Expert 2020,Ecostruxure Geo Scada Expert 2021,Clearscada",5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-02-24T00:00:00.000Z,0
CVE-2022-24321,https://securityvulnerability.io/vulnerability/CVE-2022-24321,Denial of Service Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert by Schneider Electric,"A vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert that could lead to a Denial of Service (DoS) when the server receives a malformed HTTP request. This results from insufficient validation of certain requests, potentially causing the application to become unresponsive. It is crucial for users of the affected products to be aware of this issue to implement necessary mitigations and avoid disruptions in service. The vulnerability affects all versions of ClearSCADA and both the 2019 and 2020 editions of EcoStruxure Geo SCADA Expert. For detailed information, refer to the provided resources.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-09T22:05:12.000Z,0
CVE-2022-24320,https://securityvulnerability.io/vulnerability/CVE-2022-24320,Improper Certificate Validation Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert,"An improper certificate validation vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert, which could potentially allow attackers to execute Man-in-the-Middle attacks. This vulnerability arises when the communication between the client and the Geo SCADA database server is intercepted, enabling unauthorized access and data manipulation. It is crucial for users of these systems to implement necessary mitigations to secure their environments against potential exploits.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-02-09T22:05:11.000Z,0
CVE-2022-24319,https://securityvulnerability.io/vulnerability/CVE-2022-24319,Improper Certificate Validation in Geo SCADA Web Server by Schneider Electric,"The vulnerability stems from improper certificate validation mechanisms in the Geo SCADA web server, allowing the possibility of Man-in-the-Middle attacks. This issue arises when the communications between the client and the web server can be intercepted, potentially enabling attackers to spoof the server's identity. It affects multiple versions of ClearSCADA and EcoStruxure Geo SCADA Expert, making it crucial for users to apply necessary security measures to mitigate associated risks.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-02-09T22:05:10.000Z,0
CVE-2022-24318,https://securityvulnerability.io/vulnerability/CVE-2022-24318,Inadequate Encryption Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert Products,"An inadequate encryption strength issue has been identified within the ClearSCADA and EcoStruxure Geo SCADA Expert products. This vulnerability could potentially lead to non-encrypted communication between the client and server when using outdated versions of the ViewX client. Organizations utilizing these systems may be at risk of unauthorized data interception and exposure, emphasizing the need for timely updates and security measures.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2022-02-09T22:05:09.000Z,0
CVE-2021-22741,https://securityvulnerability.io/vulnerability/CVE-2021-22741,Password Hash Insufficient Computational Effort in ClearSCADA and EcoStruxure Geo SCADA,"A vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert products due to the use of password hashes with insufficient computational effort. This flaw can allow attackers to uncover account credentials if they gain access to server database files. Consequently, systems become susceptible to password decryption attacks, making this issue critical for users to address promptly. It is important to note that '.sde' configuration export files do not store user account password hashes.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), And Ecostruxure Geo Scada Expert 2020 (v83.7742.1 And Prior)",6.7,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-05-26T19:20:13.000Z,0
CVE-2020-28219,https://securityvulnerability.io/vulnerability/CVE-2020-28219,Insufficiently Protected Credentials Vulnerability in EcoStruxure Geo SCADA Expert by Schneider Electric,"A vulnerability in EcoStruxure Geo SCADA Expert allows for the potential exposure of sensitive credentials to users on the server side when web users are logged into Virtual ViewX. This risk primarily arises due to inadequate protection mechanisms for credentials, permitting unauthorized access under certain conditions. The affected versions include EcoStruxure Geo SCADA Expert 2019 up to September 2020 and EcoStruxure Geo SCADA Expert 2020 up to the same date.",Schneider Electric,"Ecostruxure Geo Scada Expert 2019 (original Release And Monthly Updates To September 2020, From 81.7268.1 To 81.7578.1) And Ecostruxure Geo Scada Expert 2020 (original Release And Monthly Updates To September 2020, From 83.7551.1 To 83.7578.1)",7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2020-12-11T00:51:24.000Z,0