Details of VAR-201401-0366

ID

VAR-201401-0366

CVE

CVE-2014-0752

TITLE

Ecava IntegraXor Project Directory Information Disclosure Vulnerability

Trust: 1.7

sources: IVD: 76051468-1ef7-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15287 // BID: 64351 // CNNVD: CNNVD-201312-342

DESCRIPTION

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a sensitive information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain project directory information. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4369 are vulnerable

Trust: 3.33

sources: NVD: CVE-2014-0752 // JVNDB: JVNDB-2014-001027 // CNVD: CNVD-2013-15287 // CNVD: CNVD-2014-00197 // BID: 64351 // IVD: 76051468-1ef7-11e6-abef-000c29c66e3d // IVD: 524f1eec-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: 76051468-1ef7-11e6-abef-000c29c66e3d // IVD: 524f1eec-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15287 // CNVD: CNVD-2014-00197

AFFECTED PRODUCTS

vendor:	ecava	model:	integraxor	scope:	eq	version:	3.71.4200	Trust: 1.9
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.6.4000.0	Trust: 1.9
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.3900.5	Trust: 1.9
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.3900.10	Trust: 1.9
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.00	Trust: 1.6
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.72	Trust: 1.6
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.71	Trust: 1.6
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60.4061	Trust: 1.6
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1	Trust: 1.6
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4360	Trust: 1.2
vendor:	ecava	model:	integraxor	scope:	lte	version:	4.1.4360	Trust: 1.0
vendor:	ecava	model:	integraxor	scope:	lt	version:	4.1.4369	Trust: 0.8
vendor:	ecava	model:	integraxor	scope:	-	version:	-	Trust: 0.6
vendor:	integraxor	model:	-	scope:	eq	version:	3.5.3900.5	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	3.5.3900.10	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	3.6.4000.0	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	3.60.4061	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	3.71	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	3.71.4200	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	3.72	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	4.00	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	4.1	Trust: 0.4
vendor:	integraxor	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60.4050	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60.4032	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.6.4000.5	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.4000.5	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5	Trust: 0.3

sources: IVD: 76051468-1ef7-11e6-abef-000c29c66e3d // IVD: 524f1eec-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15287 // CNVD: CNVD-2014-00197 // BID: 64351 // JVNDB: JVNDB-2014-001027 // CNNVD: CNNVD-201312-342 // NVD: CVE-2014-0752

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-0752
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2014-0752
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0752
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-15287
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2014-00197
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201312-342
value:	MEDIUM
Trust: 0.6
IVD:	76051468-1ef7-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	524f1eec-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2014-0752
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2014-0752
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2013-15287
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2014-00197
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	76051468-1ef7-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	524f1eec-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 76051468-1ef7-11e6-abef-000c29c66e3d // IVD: 524f1eec-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15287 // CNVD: CNVD-2014-00197 // JVNDB: JVNDB-2014-001027 // CNNVD: CNNVD-201312-342 // NVD: CVE-2014-0752 // NVD: CVE-2014-0752

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.8
problemtype:	CWE-529	Trust: 1.0

sources: JVNDB: JVNDB-2014-001027 // NVD: CVE-2014-0752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-342

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201312-342

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001027

PATCH

title:	Top Page	url:	http://www.ecava.com/	Trust: 0.8
title:	Security Issue for Project Directory Information Disclosure Vulnerability Note	url:	http://www.integraxor.com/blog/category/security/vulnerability-note/	Trust: 0.8
title:	Ecava IntegraXor SCADA server any project backup file read vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/42265	Trust: 0.6

sources: CNVD: CNVD-2014-00197 // JVNDB: JVNDB-2014-001027

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0752	Trust: 3.7
db:	ICS CERT	id:	ICSA-14-008-01	Trust: 3.0
db:	BID	id:	64351	Trust: 2.1
db:	CNNVD	id:	CNNVD-201312-342	Trust: 1.0
db:	CNVD	id:	CNVD-2013-15287	Trust: 0.8
db:	CNVD	id:	CNVD-2014-00197	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001027	Trust: 0.8
db:	IVD	id:	76051468-1EF7-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	524F1EEC-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-008-01	Trust: 3.0
url:	http://www.integraxor.com/blog/category/security/vulnerability-note/	Trust: 1.6
url:	http://www.securityfocus.com/bid/64351	Trust: 1.2
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-008-01	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0752	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0752	Trust: 0.8
url:	http://www.integraxor.com/	Trust: 0.3

sources: CNVD: CNVD-2013-15287 // CNVD: CNVD-2014-00197 // BID: 64351 // JVNDB: JVNDB-2014-001027 // CNNVD: CNNVD-201312-342 // NVD: CVE-2014-0752

CREDITS

Alphazorx aka technically.screwed

Trust: 0.9

sources: BID: 64351 // CNNVD: CNNVD-201312-342

SOURCES

db:	IVD	id:	76051468-1ef7-11e6-abef-000c29c66e3d
db:	IVD	id:	524f1eec-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-15287
db:	CNVD	id:	CNVD-2014-00197
db:	BID	id:	64351
db:	JVNDB	id:	JVNDB-2014-001027
db:	CNNVD	id:	CNNVD-201312-342
db:	NVD	id:	CVE-2014-0752

LAST UPDATE DATE

2025-08-23T23:27:18.501000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-15287	date:	2013-12-18T00:00:00
db:	CNVD	id:	CNVD-2014-00197	date:	2014-01-13T00:00:00
db:	BID	id:	64351	date:	2014-01-09T13:21:00
db:	JVNDB	id:	JVNDB-2014-001027	date:	2014-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201312-342	date:	2014-01-10T00:00:00
db:	NVD	id:	CVE-2014-0752	date:	2025-08-22T23:15:30.423

SOURCES RELEASE DATE

db:	IVD	id:	76051468-1ef7-11e6-abef-000c29c66e3d	date:	2013-12-18T00:00:00
db:	IVD	id:	524f1eec-2352-11e6-abef-000c29c66e3d	date:	2014-01-13T00:00:00
db:	CNVD	id:	CNVD-2013-15287	date:	2013-12-18T00:00:00
db:	CNVD	id:	CNVD-2014-00197	date:	2014-01-13T00:00:00
db:	BID	id:	64351	date:	2013-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001027	date:	2014-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201312-342	date:	2013-12-18T00:00:00
db:	NVD	id:	CVE-2014-0752	date:	2014-01-09T18:07:26.597