Schneider Electric · EcoStruxure Geo SCADA Expert 2020 · CVE-2022-24320
**Name of the Vulnerable Software and Affected Versions**
ClearSCADA (All Versions)
EcoStruxure Geo SCADA Expert 2019 (All Versions)
EcoStruxure Geo SCADA Expert 2020 (All Versions)
**Description**
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and the Geo SCADA database server are intercepted. This could potentially compromise the security of the data being transmitted.
**Recommendations**
For ClearSCADA, consider implementing proper certificate validation to prevent Man-in-the-Middle attacks.
For EcoStruxure Geo SCADA Expert 2019, ensure that all communications with the Geo SCADA database server are securely encrypted and validated.
For EcoStruxure Geo SCADA Expert 2020, restrict access to the Geo SCADA database server to minimize the risk of exploitation until a proper fix is applied.
As a temporary workaround, consider disabling the communication between the client and the Geo SCADA database server until a patch is available.