PT-2022-16606 · Schneider Electric · Ecostruxure Geo Scada Expert 2020+2

Published

2022-02-09

Updated

2022-02-16

CVE-2022-24321

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions ClearSCADA versions all EcoStruxure Geo SCADA Expert 2019 versions all EcoStruxure Geo SCADA Expert 2020 versions all

Description A vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. This issue is related to improper check for unusual or exceptional conditions.

Recommendations For ClearSCADA all versions, update to a version that includes a fix for this issue. For EcoStruxure Geo SCADA Expert 2019 all versions, update to a version that includes a fix for this issue. For EcoStruxure Geo SCADA Expert 2020 all versions, update to a version that includes a fix for this issue.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2022-24321

Affected Products

Clearscada

Ecostruxure Geo Scada Expert 2019

Ecostruxure Geo Scada Expert 2020

PT-2022-16606 · Schneider Electric · Ecostruxure Geo Scada Expert 2020+2

CVE-2022-24321

Weakness Enumeration

Related Identifiers

Affected Products

References · 2