CVE-2019-6854Improper Authentication in Clearscada

CWE-287Improper Authentication3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 92.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Clearscada
Timeline
PublishedJan 6
Latest updateMay 24

Description

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hwwq-6fg7-74h6: A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial2022-05-24
CVEList
CVE-2019-6854: A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 J2020-01-06
CVE-2019-6854 — Improper Authentication in Clearscada | cvebase