Schneider Electric SCADA Expert ClearSCADA 2005 / 2007 / 2009 < 2009 R1.4 and R2.3 XSS

Low severity. Nessus Network Monitor Plugin ID 8756.

Synopsis

A vulnerable version of Schneider Electric SCADA Expert ClearSCADA has been detected.

Description

Schneider Electric SCADA Expert ClearSCADA versions 2005, 2007, and 2009 prior to 2009 R1.4 and 2009 R2.3 are affected by a reflected cross-site scripting vulnerability. An attacker could exploit this vulnerability to inject malicious code directly into the user's browsing session.

Solution

Upgrade to SCADA Expert ClearSCADA version 2009 R1.4, 2009 R2.3, 2010 R1, or later.

See Also

http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf

Plugin Details

Severity: Low

ID: 8756

Family: SCADA

Published: 7/17/2015

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:schneider-electric:scada_expert_clearscada

Patch Publication Date: 8/16/2011

Vulnerability Publication Date: 8/16/2011

Reference Information

CVE: CVE-2011-3144

BID: 73823