PT-2022-16603 · Schneider Electric · Ecostruxure Geo Scada Expert 2020+2

Cameron Stokes · Published 2022-02-09 · Updated 2022-04-22 · CVE-2022-24319

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ClearSCADA (All Versions)
EcoStruxure Geo SCADA Expert 2019 (All Versions)
EcoStruxure Geo SCADA Expert 2020 (All Versions)

Description

A CWE-295: Improper Certificate Validation issue exists, allowing a Man-in-the-Middle attack when communications between the client and Geo SCADA web server are intercepted. This could potentially compromise the security of the data being transmitted.

Recommendations

For ClearSCADA, consider implementing proper certificate validation to prevent Man-in-the-Middle attacks. For EcoStruxure Geo SCADA Expert 2019, ensure that all communications with the Geo SCADA web server are securely encrypted and validated. For EcoStruxure Geo SCADA Expert 2020, restrict access to the Geo SCADA web server until a proper certificate validation mechanism is in place.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2022-24319

Affected Products

Clearscada
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2020