PT-2020-11215 · Schneider Electric · Ecostruxure Geo Scada Expert

Published

2020-01-06

Updated

2021-11-03

CVE-2019-6854

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EcoStruxure Geo SCADA Expert (ClearSCADA) versions prior to 2019

Description A vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability.

Recommendations For ClearSCADA 2017 R3, update to a version released after 1 January 2019. For ClearSCADA 2017 R2, update to a version released after 1 January 2019. For ClearSCADA 2017, update to a version released after 1 January 2019.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-6854

Affected Products

Ecostruxure Geo Scada Expert

PT-2020-11215 · Schneider Electric · Ecostruxure Geo Scada Expert

CVE-2019-6854

Weakness Enumeration

Related Identifiers

Affected Products

References · 4