VAR-201409-0185
Vulnerability from variot - Updated: 2023-12-18 12:30Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "beta 4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "stable 4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4392",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2377"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "69774"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2377",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05986",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2377",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05986",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-518",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2377",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 2.7
},
{
"db": "BID",
"id": "69774",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05986",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167",
"trust": 0.8
},
{
"db": "IVD",
"id": "28EBCE7E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"id": "VAR-201409-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
]
},
"last_update_date": "2023-12-18T12:30:41.038000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50102"
},
{
"title": "igsetup-4.2.4470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2377"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2377"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69774"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69774"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"date": "2014-09-15T14:55:11.197000",
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69774"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"date": "2014-09-16T13:31:13.060000",
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…