A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Clearscada | Schneider-electric | - (including) | - (including) |
Ecostruxure_geo_scada_expert_2019 | Schneider-electric | * | * |
Ecostruxure_geo_scada_expert_2020 | Schneider-electric | * | * |