PT-2022-16605 · Schneider Electric · Ecostruxure Geo Scada Expert 2020+2

Cameron Stokes · Published 2022-02-09 · Updated 2022-04-22 · CVE-2022-24320

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ClearSCADA (All Versions)
EcoStruxure Geo SCADA Expert 2019 (All Versions)
EcoStruxure Geo SCADA Expert 2020 (All Versions)

Description

A CWE-295: Improper Certificate Validation issue exists, allowing a Man-in-the-Middle attack when communications between the client and Geo SCADA database server are intercepted. This could potentially compromise the security of the data being transmitted.

Recommendations

For ClearSCADA, consider implementing proper certificate validation to prevent Man-in-the-Middle attacks. For EcoStruxure Geo SCADA Expert 2019, ensure that all communications with the Geo SCADA database server are securely encrypted and validated. For EcoStruxure Geo SCADA Expert 2020, restrict access to the Geo SCADA database server to minimize the risk of exploitation until a proper fix is applied. As a temporary workaround, consider disabling the communication between the client and Geo SCADA database server until a patch is available.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2022-24320

Affected Products

ClearSCADA
EcoStruxure Geo SCADA Expert 2019
EcoStruxure Geo SCADA Expert 2020