ID

VAR-201409-0183


CVE

CVE-2014-2375


TITLE

Ecava IntegraXor SCADA Server arbitrary file read and write vulnerability

Trust: 0.8

sources: IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05990

DESCRIPTION

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is a web-based product: the IntegraXor server is a standard web server extended with HMI/SCADA functionality. An attacker can use the vulnerability to read and write arbitrary files in the context of the application, which may aid in further attacks.

Trust: 2.61

sources: NVD: CVE-2014-2375 // JVNDB: JVNDB-2014-004165 // CNVD: CNVD-2014-05990 // BID: 69767 // IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05990

AFFECTED PRODUCTS

vendor: ecava, model: integraxor, scope: lte, version: 4.1.4360

Trust: 1.0

vendor: ecava, model: integraxor, scope: lte, version: 4.1.4392

Trust: 1.0

vendor: ecava, model: integraxor, scope: lte, version: beta 4.1.4392

Trust: 0.8

vendor: ecava, model: integraxor, scope: lte, version: stable 4.1.4360

Trust: 0.8

vendor: ecava, model: integraxor scada server, scope: lte, version: <=4.1.4360

Trust: 0.6

vendor: ecava, model: integraxor, scope: eq, version: 4.1.4360

Trust: 0.6

vendor: ecava, model: integraxor, scope: eq, version: 4.1.4392

Trust: 0.6

vendor: integraxor, model: -, scope: eq, version: *

Trust: 0.4

vendor: ecava, model: integraxor scada server, scope: eq, version: 4.1.4392

Trust: 0.3

vendor: ecava, model: integraxor scada server, scope: eq, version: 4.1.4360

Trust: 0.3

sources: IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05990 // BID: 69767 // JVNDB: JVNDB-2014-004165 // CNNVD: CNNVD-201409-516 // NVD: CVE-2014-2375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2375
value: HIGH

Trust: 1.0

NVD: CVE-2014-2375
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-05990
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201409-516
value: CRITICAL

Trust: 0.6

IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2014-2375
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-05990
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05990 // JVNDB: JVNDB-2014-004165 // CNNVD: CNNVD-201409-516 // NVD: CVE-2014-2375

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.0

problemtype: CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2014-004165 // NVD: CVE-2014-2375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-516

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201409-516

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004165

PATCH

title: Top Page, url: http://www.integraxor.com/

Trust: 0.8

title: Ecava Integraxor SCADA Server patch for arbitrary file read and write vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/50105

Trust: 0.6

title: igsetup-4.2.4470, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51664

Trust: 0.6

sources: CNVD: CNVD-2014-05990 // JVNDB: JVNDB-2014-004165 // CNNVD: CNNVD-201409-516

EXTERNAL IDS

db: NVD, id: CVE-2014-2375

Trust: 3.5

db: ICS CERT, id: ICSA-14-224-01

Trust: 2.7

db: BID, id: 69767

Trust: 0.9

db: CNVD, id: CNVD-2014-05990

Trust: 0.8

db: CNNVD, id: CNNVD-201409-516

Trust: 0.8

db: JVNDB, id: JVNDB-2014-004165

Trust: 0.8

db: IVD, id: 28FE4BBC-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 28fe4bbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05990 // BID: 69767 // JVNDB: JVNDB-2014-004165 // CNNVD: CNNVD-201409-516 // NVD: CVE-2014-2375

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-14-224-01

Trust: 2.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2375

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2375

Trust: 0.8

url: http://www.securityfocus.com/bid/69767

Trust: 0.6

url: http://www.integraxor.com/

Trust: 0.3

sources: CNVD: CNVD-2014-05990 // BID: 69767 // JVNDB: JVNDB-2014-004165 // CNNVD: CNNVD-201409-516 // NVD: CVE-2014-2375

CREDITS

Andrea Micalizzi

Trust: 0.3

sources: BID: 69767

SOURCES

db: IVD, id: 28fe4bbc-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-05990
db: BID, id: 69767
db: JVNDB, id: JVNDB-2014-004165
db: CNNVD, id: CNNVD-201409-516
db: NVD, id: CVE-2014-2375

LAST UPDATE DATE

2025-04-13T23:23:53.113000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-05990, date: 2014-09-18T00:00:00
db: BID, id: 69767, date: 2014-09-11T00:00:00
db: JVNDB, id: JVNDB-2014-004165, date: 2014-09-16T00:00:00
db: CNNVD, id: CNNVD-201409-516, date: 2014-09-16T00:00:00
db: NVD, id: CVE-2014-2375, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 28fe4bbc-2352-11e6-abef-000c29c66e3d, date: 2014-09-18T00:00:00
db: CNVD, id: CNVD-2014-05990, date: 2014-09-18T00:00:00
db: BID, id: 69767, date: 2014-09-11T00:00:00
db: JVNDB, id: JVNDB-2014-004165, date: 2014-09-16T00:00:00
db: CNNVD, id: CNNVD-201409-516, date: 2014-09-16T00:00:00
db: NVD, id: CVE-2014-2375, date: 2014-09-15T14:55:11.103