Vulnerability Details : CVE-2014-5413
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
Products affected by CVE-2014-5413
- cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-5413
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-5413
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-5413
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5413
-
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01
Access Denied | CISAThird Party Advisory;US Government Resource
Jump to