Schneider.Electric.ClearSCADA.Guest.User.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Information Disclosure vulnerability in Schneider Electric SCADA Expert ClearSCADA.
The vulnerability is due to lack of authentication for the default account. A remote attacker can exploit this to gain unauthorized access to sensitive information, via a crafted HTTP request.
Affected Products
Schneider Electric ClearSCADA 2010 prior to R3.2
Schneider Electric SCADA Expert ClearSCADA 2014 prior to R1.1
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://resourcecenter.controlmicrosystems.com/display/public/CS/SCADA+Expert+ClearSCADA+Support
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |