Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)

Related CPE's

a

schneider-electric

ecostruxure_geo_scada_expert_2019

29

a

schneider-electric

ecostruxure_geo_scada_expert_2020

23

a

schneider-electric

ecostruxure_geo_scada_expert_2021

9

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf

MitigationPatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf

MitigationPatchVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-200

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-31T16:15:08.927Z

3 years ago

Last modified

2024-11-21T06:45:03.150Z

1 year ago