PT-2014-6458 · Schneider Electric · Struxureware Scada Expert Clearscada
Publicado
2014-09-18
·
Atualizado
2025-11-04
·
CVE-2014-5411
CVSS v2.0
4.9
Média
| Vetor | AV:N/AC:H/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Schneider Electric StruxureWare SCADA Expert ClearSCADA versions 2010 R3 through 2014 R1
Description
The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, which can lead to multiple cross-site scripting (XSS) vulnerabilities.
Recommendations
For versions 2010 R3 through 2014 R1, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Struxureware Scada Expert Clearscada