cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-0595,https://securityvulnerability.io/vulnerability/CVE-2023-0595,Improper Log Output Neutralization Vulnerability in EcoStruxure Geo SCADA by Schneider Electric,"A vulnerability exists in EcoStruxure Geo SCADA and ClearSCADA products that allows improper output neutralization for log files. This flaw could enable the misinterpretation of log entries due to the processing of malicious packets sent to the database web port, typically at port 443. Exploitation of this vulnerability could result in significant security risks, as it may allow unauthorized access or manipulation of the log contents, impacting operational integrity and confidentiality.",Schneider Electric,"Ecostruxure Geo Scada Expert 2019,Ecostruxure Geo Scada Expert 2020,Ecostruxure Geo Scada Expert 2021,Clearscada",5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-02-24T00:00:00.000Z,0
CVE-2023-22611,https://securityvulnerability.io/vulnerability/CVE-2023-22611,Sensitive Information Exposure in EcoStruxure Geo SCADA Expert by Schneider Electric,"A vulnerability exists that could lead to information disclosure when specific messages are sent to the server via the database server TCP port. This exposure can occur in versions of EcoStruxure Geo SCADA Expert prior to October 2022, posing a risk of sensitive data being accessed by unauthorized users. Organizations using these versions should consider implementing security measures to mitigate the risk associated with this vulnerability.",Schneider Electric,Ecostruxure Geo Scada Expert 2019 - 2021 (formerly Known As Clearscada),7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-01-31T00:00:00.000Z,0
CVE-2023-22610,https://securityvulnerability.io/vulnerability/CVE-2023-22610,Incorrect Authorization Vulnerability in Geo SCADA Server by Schneider Electric,"An Incorrect Authorization vulnerability exists within the Geo SCADA server, potentially leading to a Denial of Service condition. When specific malicious messages are directed at the server's database server TCP port, it can trigger disruptions, impacting the availability and reliability of the Geo SCADA services. Organizations using the affected versions are advised to apply the necessary patches to safeguard against potential exploitation.",Schneider Electric,Ecostruxure Geo Scada Expert 2019 - 2021 (formerly Known As Clearscada),9.1,CRITICAL,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-01-31T00:00:00.000Z,0
CVE-2022-24321,https://securityvulnerability.io/vulnerability/CVE-2022-24321,Denial of Service Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert by Schneider Electric,"A vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert that could lead to a Denial of Service (DoS) when the server receives a malformed HTTP request. This results from insufficient validation of certain requests, potentially causing the application to become unresponsive. It is crucial for users of the affected products to be aware of this issue to implement necessary mitigations and avoid disruptions in service. The vulnerability affects all versions of ClearSCADA and both the 2019 and 2020 editions of EcoStruxure Geo SCADA Expert. For detailed information, refer to the provided resources.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-09T22:05:12.000Z,0
CVE-2022-24320,https://securityvulnerability.io/vulnerability/CVE-2022-24320,Improper Certificate Validation Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert,"An improper certificate validation vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert, which could potentially allow attackers to execute Man-in-the-Middle attacks. This vulnerability arises when the communication between the client and the Geo SCADA database server is intercepted, enabling unauthorized access and data manipulation. It is crucial for users of these systems to implement necessary mitigations to secure their environments against potential exploits.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-02-09T22:05:11.000Z,0
CVE-2022-24319,https://securityvulnerability.io/vulnerability/CVE-2022-24319,Improper Certificate Validation in Geo SCADA Web Server by Schneider Electric,"The vulnerability stems from improper certificate validation mechanisms in the Geo SCADA web server, allowing the possibility of Man-in-the-Middle attacks. This issue arises when the communications between the client and the web server can be intercepted, potentially enabling attackers to spoof the server's identity. It affects multiple versions of ClearSCADA and EcoStruxure Geo SCADA Expert, making it crucial for users to apply necessary security measures to mitigate associated risks.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-02-09T22:05:10.000Z,0
CVE-2022-24318,https://securityvulnerability.io/vulnerability/CVE-2022-24318,Inadequate Encryption Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert Products,"An inadequate encryption strength issue has been identified within the ClearSCADA and EcoStruxure Geo SCADA Expert products. This vulnerability could potentially lead to non-encrypted communication between the client and server when using outdated versions of the ViewX client. Organizations utilizing these systems may be at risk of unauthorized data interception and exposure, emphasizing the need for timely updates and security measures.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), Ecostruxure Geo Scada Expert 2020 (all Versions)",7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2022-02-09T22:05:09.000Z,0
CVE-2021-22741,https://securityvulnerability.io/vulnerability/CVE-2021-22741,Password Hash Insufficient Computational Effort in ClearSCADA and EcoStruxure Geo SCADA,"A vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert products due to the use of password hashes with insufficient computational effort. This flaw can allow attackers to uncover account credentials if they gain access to server database files. Consequently, systems become susceptible to password decryption attacks, making this issue critical for users to address promptly. It is important to note that '.sde' configuration export files do not store user account password hashes.",Schneider Electric,"Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), And Ecostruxure Geo Scada Expert 2020 (v83.7742.1 And Prior)",6.7,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-05-26T19:20:13.000Z,0
CVE-2019-6854,https://securityvulnerability.io/vulnerability/CVE-2019-6854,Improper Authentication Vulnerability in EcoStruxure Geo SCADA Expert by Schneider Electric,"An improper authentication vulnerability in the EcoStruxure Geo SCADA Expert (ClearSCADA) system allows low privilege users to exploit access to the file system, potentially enabling them to delete or modify critical database, setting, or certificate files. The issue affects versions released before January 1, 2019, specifically including ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. Users must be granted access to the operating system's file system to exploit this vulnerability, highlighting the importance of securing user permissions.",Schneider Electric,Ecostruxure Geo Scada Expert (clearscada) With Initial Releases Before 1 January 2019 (see Notification For More Details),7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2020-01-06T22:56:53.000Z,0
CVE-2014-5411,https://securityvulnerability.io/vulnerability/CVE-2014-5411,,Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Schneider Electric,"Scada Expert Clearscada,Clearscada",,,0.0026199999265372753,false,,false,false,false,,,false,false,,2014-09-18T10:00:00.000Z,0
CVE-2014-5413,https://securityvulnerability.io/vulnerability/CVE-2014-5413,,"Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.",Schneider Electric,"Scada Expert Clearscada,Clearscada",,,0.0015999999595806003,false,,false,false,false,,,false,false,,2014-09-18T10:00:00.000Z,0
CVE-2014-5412,https://securityvulnerability.io/vulnerability/CVE-2014-5412,,Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.,Schneider Electric,"Scada Expert Clearscada,Clearscada",,,0.008969999849796295,false,,false,false,false,,,false,false,,2014-09-18T10:00:00.000Z,0