CVE-2014-5412

medium

Published 2014-09-18 · Modified 2026-05-06

CVSS v3

—

VIR risk

6.4

Description

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
aveva	clearscada	`2010`
aveva	clearscada	`2013`
schneider-electric	scada_expert_clearscada	`2013`
schneider-electric	scada_expert_clearscada	`2014`

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

CWEs

CWE-287 CWE-264

💬 Discuss CVE-2014-5412 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.