CVE-2014-5413
First published: Thu Sep 18 2014(Updated: )
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric ClearSCADA | =2010-r3 | |
| Schneider Electric ClearSCADA | =2010-r3.1 | |
| Schneider Electric ClearSCADA | =2013-r1 | |
| Schneider Electric ClearSCADA | =2013-r1.1 | |
| Schneider Electric ClearSCADA | =2013-r1.1a | |
| Schneider Electric ClearSCADA | =2013-r1.2 | |
| Schneider Electric ClearSCADA | =2013-r2 | |
| Schneider Electric EcoStruxure Geo SCADA Expert | =2013-r2.1 | |
| Schneider Electric EcoStruxure Geo SCADA Expert | =2014-r1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-5413?
CVE-2014-5413 is rated as a high severity vulnerability due to its potential to allow remote attackers to spoof servers.
How do I fix CVE-2014-5413?
To fix CVE-2014-5413, it is recommended to upgrade to a version of ClearSCADA that does not use the MD5 algorithm for X.509 certificates.
What systems are affected by CVE-2014-5413?
CVE-2014-5413 affects Schneider Electric StruxureWare SCADA Expert ClearSCADA versions from 2010 R3 to 2014 R1.
What type of attack does CVE-2014-5413 allow?
CVE-2014-5413 allows attackers to perform cryptographic attacks that can lead to server spoofing.
Is CVE-2014-5413 related to MD5 vulnerabilities?
Yes, CVE-2014-5413 is specifically problematic due to the use of the MD5 algorithm, which is known to be weak.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/aveva
- canonical/schneider electric clearscada
- version/schneider electric clearscada/2010-r3
- version/schneider electric clearscada/2010-r3.1
- version/schneider electric clearscada/2013-r1
- version/schneider electric clearscada/2013-r1.1
- version/schneider electric clearscada/2013-r1.1a
- version/schneider electric clearscada/2013-r1.2
- version/schneider electric clearscada/2013-r2
- vendor/schneider-electric
- canonical/schneider electric ecostruxure geo scada expert
- version/schneider electric ecostruxure geo scada expert/2013-r2.1
- version/schneider electric ecostruxure geo scada expert/2014-r1