Search criteria
11 vulnerabilities found for IntegraXor SCADA Server by Ecava
VAR-201504-0076
Vulnerability from variot - Updated: 2023-12-18 13:39Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. A local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4450"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "4.2.4488"
},
{
"model": "integraxor scada server",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4488"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4450"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "4.2.4488"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4450",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Praveen Darshanam",
"sources": [
{
"db": "BID",
"id": "73472"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-0990",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0990",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02165",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-051",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0990",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. \nA local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0990",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-02",
"trust": 2.8
},
{
"db": "CNVD",
"id": "CNVD-2015-02165",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079",
"trust": 0.8
},
{
"db": "BID",
"id": "73472",
"trust": 0.4
},
{
"db": "IVD",
"id": "98F81D5E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2015-0990",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"id": "VAR-201504-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
}
]
},
"last_update_date": "2023-12-18T13:39:18.563000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "igsetup-4.2.4488.msi",
"trust": 0.8,
"url": "http://www.integraxor.com/download/rc.msi?4.2.4488"
},
{
"title": "Patch for Ecava IntegraXor DLL Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/56916"
},
{
"title": "igsetup-4.2.4488",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54805"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0990"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0990"
},
{
"trust": 0.6,
"url": "http://www.integraxor.com/download/rc.msi?4.2.4488"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73472"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73472"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"date": "2015-04-03T10:59:12.227000",
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73472"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"date": "2015-04-03T15:17:54.550000",
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "73472"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA Server Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
],
"trust": 0.8
}
}
VAR-201409-0185
Vulnerability from variot - Updated: 2023-12-18 12:30Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "beta 4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "stable 4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4392",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2377"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "69774"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2377",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05986",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2377",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05986",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-518",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2377",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 2.7
},
{
"db": "BID",
"id": "69774",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05986",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167",
"trust": 0.8
},
{
"db": "IVD",
"id": "28EBCE7E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"id": "VAR-201409-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
]
},
"last_update_date": "2023-12-18T12:30:41.038000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50102"
},
{
"title": "igsetup-4.2.4470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2377"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2377"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69774"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69774"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"date": "2014-09-15T14:55:11.197000",
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69774"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"date": "2014-09-16T13:31:13.060000",
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
],
"trust": 0.6
}
}
VAR-201409-0184
Vulnerability from variot - Updated: 2023-12-18 12:30SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor SCADA The server SQL An injection vulnerability exists.By any third party SQL The command may be executed. IntegraXor is based on web technology, and the IntegraXor server is indeed a standard web server that adds HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application, access or modify data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "beta 4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "stable 4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4392",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2376"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "69772"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2376",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05987",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2376",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-05987",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-517",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor SCADA The server SQL An injection vulnerability exists.By any third party SQL The command may be executed. IntegraXor is based on web technology, and the IntegraXor server is indeed a standard web server that adds HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application, access or modify data",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2376",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 2.7
},
{
"db": "BID",
"id": "69772",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05987",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166",
"trust": 0.8
},
{
"db": "IVD",
"id": "28F66F5A-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"id": "VAR-201409-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
}
]
},
"last_update_date": "2023-12-18T12:30:41.003000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava Integraxor SCADA Server SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50104"
},
{
"title": "igsetup-4.2.4470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2376"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2376"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69772"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69772"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"date": "2014-09-15T14:55:11.150000",
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69772"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"date": "2014-09-16T13:44:59.070000",
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA On the server SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
],
"trust": 0.8
}
}
VAR-201409-0183
Vulnerability from variot - Updated: 2023-12-18 12:30Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server that adds HMI/SCADA requirements. Ecava Integraxor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "beta 4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "stable 4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4392",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi",
"sources": [
{
"db": "BID",
"id": "69767"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2375",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05990",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2375",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-05990",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-516",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server that adds HMI/SCADA requirements. Ecava Integraxor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2375",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 2.7
},
{
"db": "BID",
"id": "69767",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165",
"trust": 0.8
},
{
"db": "IVD",
"id": "28FE4BBC-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"id": "VAR-201409-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
}
]
},
"last_update_date": "2023-12-18T12:30:40.969000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava Integraxor SCADA Server patch for arbitrary file read and write vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50105"
},
{
"title": "igsetup-4.2.4470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2375"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2375"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69767"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69767"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"date": "2014-09-15T14:55:11.103000",
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69767"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"date": "2014-09-16T13:47:49.977000",
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava Integraxor SCADA Server Arbitrary file read and write vulnerability",
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
],
"trust": 0.6
}
}
VAR-201405-0459
Vulnerability from variot - Updated: 2023-12-18 12:30Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the "guest" user. The issue lies in the ability the retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4393 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4369"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4380"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4340"
},
{
"model": "integraxor",
"scope": null,
"trust": 1.4,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4390"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "4.1.4393"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.x"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4390"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4340"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4360"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4369"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4380"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4380:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4390",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4340:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0786"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0786",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0786",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-02109",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "06e54bac-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0786",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2014-0786",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-02109",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-616",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the \"guest\" user. The issue lies in the ability the retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. \nVersions prior to IntegraXor 4.1.4393 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 4.14
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0786",
"trust": 5.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-091-01",
"trust": 2.4
},
{
"db": "BID",
"id": "66554",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-02109",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2310",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-369",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2041",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-117",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 0.3
},
{
"db": "BID",
"id": "69776",
"trust": 0.3
},
{
"db": "IVD",
"id": "06E54BAC-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"id": "VAR-201405-0459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
}
]
},
"last_update_date": "2023-12-18T12:30:40.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Account Information Disclosure Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
},
{
"title": "Ecava has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"title": "Ecava has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-091-01"
},
{
"title": "Ecava IntegraXor Account Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/44617"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-091-01"
},
{
"trust": 1.6,
"url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0786"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0786"
},
{
"trust": 0.6,
"url": "http://www.integraxor.com/blog/account-information-disclosure-vulnerability-note/"
},
{
"trust": 0.6,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"date": "2014-05-02T00:00:00",
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"date": "2014-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69776"
},
{
"date": "2014-04-01T00:00:00",
"db": "BID",
"id": "66554"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"date": "2014-05-01T01:56:10.490000",
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"date": "2014-05-02T00:00:00",
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"date": "2014-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69776"
},
{
"date": "2014-10-29T00:59:00",
"db": "BID",
"id": "66554"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"date": "2014-05-01T16:18:09.443000",
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"date": "2014-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
],
"trust": 0.6
}
}
CVE-2014-2376 (GCVE-0-2014-2376)
Vulnerability from cvelistv5 – Published: 2014-09-15 14:00 – Updated: 2025-10-13 22:46
VLAI?
Title
Ecava IntegraXor SCADA Server SQL Injection
Summary
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ecava | IntegraXor SCADA Server |
Affected:
0 , ≤ v4.1.4360
(custom)
Affected: 0 , ≤ v4.1.4392 (custom) |
Credits
Andrea Micalizzi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntegraXor SCADA Server",
"vendor": "Ecava",
"versions": [
{
"lessThanOrEqual": "v4.1.4360",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v4.1.4392",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi"
}
],
"datePublic": "2014-09-11T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nSQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n\n\u003c/p\u003e"
}
],
"value": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:46:29.711Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\"\u003ehttp://www.integraxor.com/download/rc.msi?4.2.4458\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"
}
],
"source": {
"advisory": "ICSA-14-224-01",
"discovery": "EXTERNAL"
},
"title": "Ecava IntegraXor SCADA Server SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2376",
"datePublished": "2014-09-15T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T22:46:29.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2375 (GCVE-0-2014-2375)
Vulnerability from cvelistv5 – Published: 2014-09-15 14:00 – Updated: 2025-10-13 22:44
VLAI?
Title
Ecava IntegraXor SCADA Server External Control of File Name or Path
Summary
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ecava | IntegraXor SCADA Server |
Affected:
0 , ≤ v4.1.4360
(custom)
Affected: 0 , ≤ v4.1.4392 (custom) |
Credits
Andrea Micalizzi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntegraXor SCADA Server",
"vendor": "Ecava",
"versions": [
{
"lessThanOrEqual": "v4.1.4360",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v4.1.4392",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi"
}
],
"datePublic": "2014-09-11T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.\u003c/p\u003e"
}
],
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:44:18.843Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\"\u003ehttp://www.integraxor.com/download/rc.msi?4.2.4458\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"
}
],
"source": {
"advisory": "ICSA-14-224-01",
"discovery": "EXTERNAL"
},
"title": "Ecava IntegraXor SCADA Server External Control of File Name or Path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2375",
"datePublished": "2014-09-15T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T22:44:18.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2377 (GCVE-0-2014-2377)
Vulnerability from cvelistv5 – Published: 2014-09-15 14:00 – Updated: 2025-10-13 22:48
VLAI?
Title
Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables
Summary
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ecava | IntegraXor SCADA Server |
Affected:
0 , ≤ v4.1.4360
(custom)
Affected: 0 , ≤ v4.1.4392 (custom) |
Credits
Andrea Micalizzi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntegraXor SCADA Server",
"vendor": "Ecava",
"versions": [
{
"lessThanOrEqual": "v4.1.4360",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v4.1.4392",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi"
}
],
"datePublic": "2014-09-11T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nEcava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.\n\n\u003c/p\u003e"
}
],
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-526",
"description": "CWE-526",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:48:15.434Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\"\u003ehttp://www.integraxor.com/download/rc.msi?4.2.4458\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"
}
],
"source": {
"advisory": "ICSA-14-224-01",
"discovery": "EXTERNAL"
},
"title": "Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2377",
"datePublished": "2014-09-15T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T22:48:15.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2376 (GCVE-0-2014-2376)
Vulnerability from nvd – Published: 2014-09-15 14:00 – Updated: 2025-10-13 22:46
VLAI?
Title
Ecava IntegraXor SCADA Server SQL Injection
Summary
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ecava | IntegraXor SCADA Server |
Affected:
0 , ≤ v4.1.4360
(custom)
Affected: 0 , ≤ v4.1.4392 (custom) |
Credits
Andrea Micalizzi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntegraXor SCADA Server",
"vendor": "Ecava",
"versions": [
{
"lessThanOrEqual": "v4.1.4360",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v4.1.4392",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi"
}
],
"datePublic": "2014-09-11T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nSQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n\n\u003c/p\u003e"
}
],
"value": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:46:29.711Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\"\u003ehttp://www.integraxor.com/download/rc.msi?4.2.4458\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"
}
],
"source": {
"advisory": "ICSA-14-224-01",
"discovery": "EXTERNAL"
},
"title": "Ecava IntegraXor SCADA Server SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2376",
"datePublished": "2014-09-15T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T22:46:29.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2375 (GCVE-0-2014-2375)
Vulnerability from nvd – Published: 2014-09-15 14:00 – Updated: 2025-10-13 22:44
VLAI?
Title
Ecava IntegraXor SCADA Server External Control of File Name or Path
Summary
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ecava | IntegraXor SCADA Server |
Affected:
0 , ≤ v4.1.4360
(custom)
Affected: 0 , ≤ v4.1.4392 (custom) |
Credits
Andrea Micalizzi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntegraXor SCADA Server",
"vendor": "Ecava",
"versions": [
{
"lessThanOrEqual": "v4.1.4360",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v4.1.4392",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi"
}
],
"datePublic": "2014-09-11T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.\u003c/p\u003e"
}
],
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:44:18.843Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\"\u003ehttp://www.integraxor.com/download/rc.msi?4.2.4458\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"
}
],
"source": {
"advisory": "ICSA-14-224-01",
"discovery": "EXTERNAL"
},
"title": "Ecava IntegraXor SCADA Server External Control of File Name or Path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2375",
"datePublished": "2014-09-15T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T22:44:18.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2377 (GCVE-0-2014-2377)
Vulnerability from nvd – Published: 2014-09-15 14:00 – Updated: 2025-10-13 22:48
VLAI?
Title
Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables
Summary
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ecava | IntegraXor SCADA Server |
Affected:
0 , ≤ v4.1.4360
(custom)
Affected: 0 , ≤ v4.1.4392 (custom) |
Credits
Andrea Micalizzi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntegraXor SCADA Server",
"vendor": "Ecava",
"versions": [
{
"lessThanOrEqual": "v4.1.4360",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v4.1.4392",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi"
}
],
"datePublic": "2014-09-11T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nEcava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.\n\n\u003c/p\u003e"
}
],
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-526",
"description": "CWE-526",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:48:15.434Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEcava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\"\u003ehttp://www.integraxor.com/download/rc.msi?4.2.4458\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"
}
],
"source": {
"advisory": "ICSA-14-224-01",
"discovery": "EXTERNAL"
},
"title": "Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2377",
"datePublished": "2014-09-15T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T22:48:15.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}