VDB
SEVD-2022-039-05
SEVD-2022-039-05
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure Geo SCADA Expert product (formerly known as ClearSCADA). EcoStruxure Geo SCADA Expert software is an open, flexible, and scalable software system for telemetry and remote SCADA solutions. Failure to apply the remediations provided below may risk the impersonation of client activity or the revealing of account credentials, which could result in unauthorized system access.
Risk Scores
CVSS v3.1
6.800000190734863
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Geo SCADA Expert 2021 All versions (84.*) | ||
| Schneider Electric EcoStruxure Geo SCADA Expert 2019 All versions | ||
| Schneider Electric EcoStruxure Geo SCADA Expert 2020 All versions | ||
| Schneider Electric ClearSCADA All versions |
Timeline
- Feb 8, 2022 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-039-05.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ advisory
- https://community.exchange.se.com/t5/Geo-SCADA-Knowledge-Base/Geo-SCADA-ExpertDownloads/ba-p/279115 fix
- https://community.exchange.se.com/t5/Geo-SCADA-Knowledge-Base/Geo-SCADA-Expert-Downloads/ba-p/279115 fix