SCADA: Schneider Electric SCADA Expert ClearSCADA Authentication Bypass
This signature detects attempts to exploit a known vulnerability against Schneider Electric SCADA Expert ClearSCADA. This vulnerability is due to insufficient restrictions of the preconfigured guest account. A successful attack can lead to disclose sensitive system information.
Extended Description
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
Affected Products
Aveva clearscada
References
CVE: CVE-2014-5412
Short Name
SCADA:SCHNIDER-DB-INFO-DIS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SCADA
Keywords
Authentication Bypass CVE-2014-5412 ClearSCADA Electric Expert SCADA Schneider
Release Date
10/15/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/5481
False Positive
Unknown
Vendors
Schneider-electric
Aveva
CVSS Score
5.0