CVE-2014-5413 | Vulnerability Database | Aqua Security

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

Affected Software

Name	Vendor	Start Version	End Version
Clearscada	Aveva	2010-r3 (including)	2010-r3 (including)
Clearscada	Aveva	2010-r3.1 (including)	2010-r3.1 (including)
Clearscada	Aveva	2013-r1 (including)	2013-r1 (including)
Clearscada	Aveva	2013-r1.1 (including)	2013-r1.1 (including)
Clearscada	Aveva	2013-r1.1a (including)	2013-r1.1a (including)
Clearscada	Aveva	2013-r1.2 (including)	2013-r1.2 (including)
Clearscada	Aveva	2013-r2 (including)	2013-r2 (including)
Scada_expert_clearscada	Schneider-electric	2013-r2.1 (including)	2013-r2.1 (including)
Scada_expert_clearscada	Schneider-electric	2014-r1 (including)	2014-r1 (including)

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json
https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a
https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-5413
CWE	https://cwe.mitre.org/data/definitions/310.html