PT-2019-2665 · Schneider Electric · Citectscada+2
Published
2019-05-31
·
Updated
2020-10-02
·
CVE-2019-10981
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Vijeo Citect versions 7.30 through 7.40
CitectSCADA versions 7.30 through 7.40
PowerSCADA Expert (affected versions not specified)
Description
The issue is related to insufficient protection of registration data, which may allow an attacker to gain access to user credentials. An authenticated local user may exploit this to access Citect user credentials.
Recommendations
For Vijeo Citect versions 7.30 through 7.40, consider restricting access to the system until a fix is available.
For CitectSCADA versions 7.30 through 7.40, restrict access to the system until a fix is available.
For PowerSCADA Expert, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Citectscada
Powerscada Expert
Vijeo Citect