ClearSCADA

Schneider Electric Telemetry & Remote SCADA Solutions (formerly Control Microsystems) conducts regular security vulnerability assessments of current and previous versions of its ClearSCADA enterprise software to ensure optimal performance within the highest standards of software security. Collaborating with external IT vulnerability assessment organizations, our team performs thorough assessments using the latest techniques available. During on-going security assessments, the team has identified the following vulnerabilities:

Date Vulnerability Affected Versions Fix Version
25 Aug 2011 Remote Authentication Bypass ClearSCADA 2010 R1
ClearSCADA 2009
ClearSCADA 2007
ClearSCADA 2005 
SCX Version 6.69 R1
SCX Version 6.68
SCX Version 6.67
ClearSCADA 2010 R1.1 and later
16 Feb 2011 Multiple vulnerabilities
  • Heap Overflow 
  • Cross-site Scripting
  • Insecure Web Authentication
ClearSCADA 2009 (all versions)
ClearSCADA 2007 (all versions)
ClearSCADA 2005 (all versions)
For ClearSCADA 2009 users, service packs for ClearSCADA 2009 R2.3 and forClearSCADA 2009 R1.4 are now available at
http://www.clearscada.com/services-support/software-updates/

It is recommended that all ClearSCADA 2005 (all versions) and ClearSCADA 2007 (all
versions) users upgrade, as soon as possible, to any of the listed Fixed Versions. Upgrade is
free of charge with a valid SCADACare support agreement with Control Microsystems.
       

A list of TRSS Software vulnerabilities are listed here.