Unrated severityNVD Advisory· Published Sep 18, 2014· Updated May 6, 2026

CVE-2014-5411

Description

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected products

Aveva/Clearscada7 versions
cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*
Schneider Electric/SCADA Expert Clearscada2 versions
cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:schneider-electric:scada_expert_clearscada:2013:r2.1:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:scada_expert_clearscada:2014:r1:*:*:*:*:*:*
Schneider Electric/ClearSCADAv5
Range: 2010 R3 (build 72.4560)
Schneider Electric/SCADA Expert ClearSCADAv5
Range: 2013 R1 (build 73.4729)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ics-cert.us-cert.gov/advisories/ICSA-14-259-01nvdThird Party AdvisoryUS Government Resource
github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.jsonnvd
www.cisa.gov/news-events/ics-advisories/icsa-14-259-01anvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000