Description


A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)

Related CPE's


a

schneider-electric

ecostruxure_geo_scada_expert_2019

29

a

schneider-electric

ecostruxure_geo_scada_expert_2020

23

a

schneider-electric

ecostruxure_geo_scada_expert_2021

9

Weaknesses



NVD-CWE-noinfo


CWE-200

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-31T17:15:08.927

2 years ago

Last modified

2023-02-07T19:56:57.870

2 years ago