CVE-2022-24318 - OpenCVE

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Clearscada Ecostruxure Geo Scada Expert 2020 Ecostruxure Geo Scada Expert 2019

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:clearscada::::::::
	cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019::::::::
	cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020::::::::

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-02-09T22:05:09

Updated: 2022-02-09T22:05:09

Reserved: 2022-02-02T00:00:00

Link: CVE-2022-24318

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-09T23:15:20.037

Modified: 2022-02-17T04:08:06.347

Link: CVE-2022-24318

JSON object: View

Redhat Information

No data.

CWE

CWE-326

{"containers": {"cna": {"affected": [{"product": "ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)", "vendor": "n/a", "versions": [{"status": "affected", "version": "ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "description": "CWE-326: Inadequate Encryption Strength", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-09T22:05:09", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2022-24318", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)", "version": {"version_data": [{"version_value": "ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-326: Inadequate Encryption Strength"}]}]}, "references": {"reference_data": [{"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-24318", "datePublished": "2022-02-09T22:05:09", "dateReserved": "2022-02-02T00:00:00", "dateUpdated": "2022-02-09T22:05:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:clearscada:*:*:*:*:*:*:*:*", "matchCriteriaId": "8117E9AF-97C7-4C10-BE59-5341D32667F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "665F4C4F-CC00-4484-B6FD-5E77EDBCD242", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA51B4B8-FF75-4BAE-A62B-E4B618CC7B10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)"}, {"lang": "es", "value": "Una CWE-326: Se presenta una vulnerabilidad de Fuerza de Encriptaci\u00f3n que podr\u00eda causar una comunicaci\u00f3n no encriptada con el servidor cuando son usadas versiones obsoletas del cliente ViewX. Producto afectado: ClearSCADA (todas las versiones), EcoStruxure Geo SCADA Expert 2019 (todas las versiones), EcoStruxure Geo SCADA Expert 2020 (todas las versiones)"}], "id": "CVE-2022-24318", "lastModified": "2022-02-17T04:08:06.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-09T23:15:20.037", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-326"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}