Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-5413

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-18 Sep, 2014 | 10:00
Updated At-04 Nov, 2025 | 22:59
Rejected At-
Credits

Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:18 Sep, 2014 | 10:00
Updated At:04 Nov, 2025 | 22:59
Rejected At:
▼CVE Numbering Authority (CNA)
Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

Affected Products
Vendor
Schneider Electric SESchneider Electric
Product
ClearSCADA
Default Status
unaffected
Versions
Affected
  • 2010 R3 (build 72.4560)
  • 2010 R3.1 (build 72.4644)
Unaffected
  • 2010 R3.2
Vendor
Schneider Electric SESchneider Electric
Product
SCADA Expert ClearSCADA
Default Status
unaffected
Versions
Affected
  • 2013 R1 (build 73.4729)
  • 2013 R1.1 (build 73.4832)
  • 2013 R1.1a (build 73.4903)
  • 2013 R1.2 (build 73.4955)
  • 2013 R2 (build 74.5094)
  • 2013 R2.1 (build 74.5192)
  • 2014 R1 (build 75.5210)
Unaffected
  • 2014 R1.1
Problem Types
TypeCWE IDDescription
CWECWE-310CWE-310
Type: CWE
CWE ID: CWE-310
Description: CWE-310
Metrics
VersionBase scoreBase severityVector
2.06.4N/A
AV:N/AC:L/Au:N/C:P/I:P/A:N
Version: 2.0
Base score: 6.4
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Asset owners should always obtain a signed web certificate from a certified authority before deploying ClearSCADA Web Server in a production environment. To assist asset owners who are currently using self-signed certificates, a standalone utility will be made available that can be used to generate and deploy a new self-signed certificate (signed using an SHA signing algorithm). This utility is recommended for existing ClearSCADA systems subject to this vulnerability, removing the need to upgrade the ClearSCADA software and perform a manual generation of a new certificate. This utility will be made available within the Software Downloads section of the following ClearSCADA Resource Center page: http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support

Configurations
Workarounds
Exploits
Credits
finder
Aditya Sood
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01
x_refsource_MISC
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:18 Sep, 2014 | 10:55
Updated At:06 May, 2026 | 22:30

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary2.06.4MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Secondary
Version: 2.0
Base score: 6.4
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
AVEVA
aveva
>>clearscada>>2010
cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*
AVEVA
aveva
>>clearscada>>2010
cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*
AVEVA
aveva
>>clearscada>>2013
cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*
AVEVA
aveva
>>clearscada>>2013
cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*
AVEVA
aveva
>>clearscada>>2013
cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*
AVEVA
aveva
>>clearscada>>2013
cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*
AVEVA
aveva
>>clearscada>>2013
cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>scada_expert_clearscada>>2013
cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>scada_expert_clearscada>>2014
cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Secondaryics-cert@hq.dhs.gov
CWE-310Secondarynvd@nist.gov
CWE ID: CWE-310
Type: Secondary
Source: ics-cert@hq.dhs.gov
CWE ID: CWE-310
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.jsonics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01aics-cert@hq.dhs.gov
N/A
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found