Sign-up

ID

VAR-201401-0367


CVE

CVE-2014-0753


TITLE

Ecava IntegraXor Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 4761ae78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00448

DESCRIPTION

Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be exploited by an attacker using any resource in any DLL in the command loader's home folder. Successful exploitation of the vulnerability could cause an application to crash or execute arbitrary code in the application context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Successful exploits will allow attackers to crash the system, denying service to legitimate users. IntegraXor 4.1.4380 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2014-0753 // JVNDB: JVNDB-2014-001219 // CNVD: CNVD-2014-00448 // BID: 64972 // IVD: 4761ae78-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 4761ae78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00448

AFFECTED PRODUCTS

vendor:ecavamodel:integraxorscope:eqversion:3.5.3900.5

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:3.71.4200

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:3.6.4000.0

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:4.00

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:3.72

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:4.1.4360

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:3.5.3900.10

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:3.71

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:3.60.4061

Trust: 1.6

vendor:ecavamodel:integraxorscope:eqversion:4.1

Trust: 1.6

vendor:ecavamodel:integraxorscope:lteversion:4.1.4380

Trust: 1.0

vendor:ecavamodel:integraxorscope:eqversion:4.1.4369

Trust: 1.0

vendor:ecavamodel:integraxorscope:ltversion:4.1.4390

Trust: 0.8

vendor:ecavamodel:integraxorscope:eqversion:4.1.4380

Trust: 0.6

vendor:integraxormodel: - scope:eqversion:3.5.3900.5

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:3.5.3900.10

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:3.6.4000.0

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:3.60.4061

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:3.71

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:3.71.4200

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:3.72

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:4.00

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:4.1

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:4.1.4360

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:4.1.4369

Trust: 0.2

vendor:integraxormodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 4761ae78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00448 // JVNDB: JVNDB-2014-001219 // CNNVD: CNNVD-201401-400 // NVD: CVE-2014-0753

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2014-0753
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2014-0753
value: HIGH

Trust: 1.0

NVD: CVE-2014-0753
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00448
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201401-400
value: HIGH

Trust: 0.6

IVD: 4761ae78-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

ics-cert@hq.dhs.gov: CVE-2014-0753
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.8

CNVD: CNVD-2014-00448
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4761ae78-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 4761ae78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00448 // JVNDB: JVNDB-2014-001219 // CNNVD: CNNVD-201401-400 // NVD: CVE-2014-0753 // NVD: CVE-2014-0753

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-121

Trust: 1.0

sources: JVNDB: JVNDB-2014-001219 // NVD: CVE-2014-0753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-400

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 4761ae78-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201401-400

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001219

PATCH
title:Buffer Overflow Vulnerability Noteurl:http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/
Trust: 0.8
title:Patch for Ecava IntegraXor Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/42590
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00448 // 
            
            
            
            JVNDB: JVNDB-2014-001219

EXTERNAL IDS
db:NVDid:CVE-2014-0753
Trust: 3.5
db:ICS CERTid:ICSA-14-016-01
Trust: 3.0
db:OSVDBid:102171
Trust: 1.0
db:BIDid:64972
Trust: 0.9
db:CNVDid:CNVD-2014-00448
Trust: 0.8
db:CNNVDid:CNNVD-201401-400
Trust: 0.8
db:JVNDBid:JVNDB-2014-001219
Trust: 0.8
db:ICS CERT ALERTid:ICS-ALERT-14-015-01
Trust: 0.6
db:SECUNIAid:56529
Trust: 0.6
db:IVDid:4761AE78-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 4761ae78-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-00448 // 
            
            
            
            BID: 64972 // 
            
            
            
            JVNDB: JVNDB-2014-001219 // 
            
            
            
            CNNVD: CNNVD-201401-400 // 
            
            
            
            NVD: CVE-2014-0753

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-016-01
Trust: 3.0
url:http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/
Trust: 1.6
url:https://www.cisa.gov/news-events/ics-advisories/icsa-14-016-01
Trust: 1.0
url:http://osvdb.org/102171
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0753
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0753
Trust: 0.8
url:http://ics-cert.us-cert.gov/alerts/ics-alert-14-015-01
Trust: 0.6
url:http://secunia.com/advisories/56529
Trust: 0.6
url:http://www.integraxor.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-00448 // 
            
            
            
            BID: 64972 // 
            
            
            
            JVNDB: JVNDB-2014-001219 // 
            
            
            
            CNNVD: CNNVD-201401-400 // 
            
            
            
            NVD: CVE-2014-0753

CREDITS
Luigi Auriemma at the S4 2014 conference
Trust: 0.3
sources:
            
            
            BID: 64972

SOURCES
db:IVDid:4761ae78-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-00448
db:BIDid:64972
db:JVNDBid:JVNDB-2014-001219
db:CNNVDid:CNNVD-201401-400
db:NVDid:CVE-2014-0753

LAST UPDATE DATE
2025-08-26T23:27:51.227000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00448date:2014-01-21T00:00:00
db:BIDid:64972date:2014-01-20T01:02:00
db:JVNDBid:JVNDB-2014-001219date:2014-01-23T00:00:00
db:CNNVDid:CNNVD-201401-400date:2014-01-26T00:00:00
db:NVDid:CVE-2014-0753date:2025-08-26T00:15:29.717

SOURCES RELEASE DATE
db:IVDid:4761ae78-2352-11e6-abef-000c29c66e3ddate:2014-01-21T00:00:00
db:CNVDid:CNVD-2014-00448date:2014-01-20T00:00:00
db:BIDid:64972date:2014-01-16T00:00:00
db:JVNDBid:JVNDB-2014-001219date:2014-01-23T00:00:00
db:CNNVDid:CNNVD-201401-400date:2014-01-26T00:00:00
db:NVDid:CVE-2014-0753date:2014-01-21T01:55:03.620