VDB
SEVD-2023-010-02
SEVD-2023-010-02
PUBLISHED
CVSS 9.100000381469727 CRITICAL
Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure Geo SCADA Expert software product, formerly known as ClearSCADA. The EcoStruxure Geo SCADA Expert product is an open, flexible and scalable software for telemetry and remote SCADA solutions. If successfully exploited, bad actors could execute a range of actions, including accessing and disclosing sensitive information, and denial of service. Failure to apply the remediations provided below may risk unauthorized system access, which could result in SCADA configuration data being exposed or a loss of service.
Risk Scores
CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric EcoStruxure Geo SCADA Expert 2019 version 81.8267.1 and prior | ||
| Schneider Electric EcoStruxure Geo SCADA Expert 2021 version 84.8269.1 and prior | ||
| Schneider Electric EcoStruxure Geo SCADA Expert 2020 version 83.8267.1 and prior | ||
| Schneider Electric EcoStruxure Geo SCADA Expert version 2021 84.8335.2 | ||
| Schneider Electric EcoStruxure Geo SCADA Expert version 2020 83.8332.1 | ||
| Schneider Electric ClearSCADA All Versions | ||
| Schneider Electric EcoStruxure Geo SCADA Expert version 2019 81.8333.1 |
Timeline
- Jan 10, 2023 CVE Published
- Mar 13, 2023 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-010-02.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ advisory
- https://community.se.com/t5/Geo-SCADA-Knowledge-Base/Geo-SCADA-Expert-Downloads/ba-p/279115 fix