Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2014-5413
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-18 Sep, 2014 | 10:00
Updated At-04 Nov, 2025 | 22:59
Rejected At-
▼CVE Numbering Authority (CNA)
Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

Affected Products
Vendor
Schneider Electric SESchneider Electric
Product
ClearSCADA
Default Status
unaffected
Versions
Affected
  • 2010 R3 (build 72.4560)
  • 2010 R3.1 (build 72.4644)
Unaffected
  • 2010 R3.2
Vendor
Schneider Electric SESchneider Electric
Product
SCADA Expert ClearSCADA
Default Status
unaffected
Versions
Affected
  • 2013 R1 (build 73.4729)
  • 2013 R1.1 (build 73.4832)
  • 2013 R1.1a (build 73.4903)
  • 2013 R1.2 (build 73.4955)
  • 2013 R2 (build 74.5094)
  • 2013 R2.1 (build 74.5192)
  • 2014 R1 (build 75.5210)
Unaffected
  • 2014 R1.1
Problem Types
TypeCWE IDDescription
CWECWE-310CWE-310
Type: CWE
CWE ID: CWE-310
Description: CWE-310
Metrics
VersionBase scoreBase severityVector
2.06.4N/A
AV:N/AC:L/Au:N/C:P/I:P/A:N
Version: 2.0
Base score: 6.4
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Asset owners should always obtain a signed web certificate from a certified authority before deploying ClearSCADA Web Server in a production environment. To assist asset owners who are currently using self-signed certificates, a standalone utility will be made available that can be used to generate and deploy a new self-signed certificate (signed using an SHA signing algorithm). This utility is recommended for existing ClearSCADA systems subject to this vulnerability, removing the need to upgrade the ClearSCADA software and perform a manual generation of a new certificate. This utility will be made available within the Software Downloads section of the following ClearSCADA Resource Center page: http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support

Configurations
Workarounds
Exploits
Credits
finder
Aditya Sood
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01
x_refsource_MISC
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01
Resource:
x_refsource_MISC
x_transferred
Details not found