Vulnerabilities > CVE-2014-5413 - Cryptographic Issues vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

aveva

schneider-electric

CWE-310

NVD

Published: 2014-09-18

Updated: 2018-12-31

Summary

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

Vulnerable Configurations

Part	Description	Count
Application	Aveva Aveva Clearscada 2010 Aveva Clearscada 2013	7
Application	Schneider-Electric Schneider Electric Scada Expert Clearscada 2013 Schneider Electric Scada Expert Clearscada 2014	2

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01