CVE-2014-5411

Published: Sep 18, 2014

Modified: Nov 4, 2025

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Vendor	Product	Versions
Schneider Electric	ClearSCADA	affected `2010 R3 (build 72.4560)` affected `2010 R3.1 (build 72.4644)` unaffected `2010 R3.2`
Schneider Electric	SCADA Expert ClearSCADA	affected `2013 R1 (build 73.4729)` affected `2013 R1.1 (build 73.4832)` affected `2013 R1.1a (build 73.4903)` affected `2013 R1.2 (build 73.4955)` affected `2013 R2 (build 74.5094)` +3 more versions

Weaknesses (CWE)

CWE-79

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-5411

Description

Affected Products

Weaknesses (CWE)

References