Sign-up

ID

VAR-201409-0184


CVE

CVE-2014-2376


TITLE

Ecava IntegraXor SCADA On the server SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-004166

DESCRIPTION

SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor SCADA The server SQL An injection vulnerability exists.By any third party SQL The command may be executed. IntegraXor is based on web technology, and the IntegraXor server is indeed a standard web server that adds HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application, access or modify data

Trust: 2.61

sources: NVD: CVE-2014-2376 // JVNDB: JVNDB-2014-004166 // CNVD: CNVD-2014-05987 // BID: 69772 // IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05987

AFFECTED PRODUCTS

vendor:ecavamodel:integraxorscope:lteversion:4.1.4360

Trust: 1.0

vendor:ecavamodel:integraxorscope:lteversion:4.1.4392

Trust: 1.0

vendor:ecavamodel:integraxorscope:lteversion:beta 4.1.4392

Trust: 0.8

vendor:ecavamodel:integraxorscope:lteversion:stable 4.1.4360

Trust: 0.8

vendor:ecavamodel:integraxor scada serverscope:lteversion:<=4.1.4360

Trust: 0.6

vendor:ecavamodel:integraxorscope:eqversion:4.1.4360

Trust: 0.6

vendor:ecavamodel:integraxorscope:eqversion:4.1.4392

Trust: 0.6

vendor:integraxormodel: - scope:eqversion:*

Trust: 0.4

vendor:ecavamodel:integraxor scada serverscope:eqversion:4.1.4392

Trust: 0.3

vendor:ecavamodel:integraxor scada serverscope:eqversion:4.1.4360

Trust: 0.3

sources: IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05987 // BID: 69772 // JVNDB: JVNDB-2014-004166 // CNNVD: CNNVD-201409-517 // NVD: CVE-2014-2376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2376
value: HIGH

Trust: 1.0

NVD: CVE-2014-2376
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-05987
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201409-517
value: HIGH

Trust: 0.6

IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2014-2376
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-05987
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05987 // JVNDB: JVNDB-2014-004166 // CNNVD: CNNVD-201409-517 // NVD: CVE-2014-2376

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2014-004166 // NVD: CVE-2014-2376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-517

TYPE

SQL injection

Trust: 0.8

sources: IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201409-517

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004166

PATCH
title:Top Pageurl:http://www.integraxor.com/
Trust: 0.8
title:Ecava Integraxor SCADA Server SQL Injection Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/50104
Trust: 0.6
title:igsetup-4.2.4470url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51664
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-05987 // 
            
            
            
            JVNDB: JVNDB-2014-004166 // 
            
            
            
            CNNVD: CNNVD-201409-517

EXTERNAL IDS
db:NVDid:CVE-2014-2376
Trust: 3.5
db:ICS CERTid:ICSA-14-224-01
Trust: 2.7
db:BIDid:69772
Trust: 0.9
db:CNVDid:CNVD-2014-05987
Trust: 0.8
db:CNNVDid:CNNVD-201409-517
Trust: 0.8
db:JVNDBid:JVNDB-2014-004166
Trust: 0.8
db:IVDid:28F66F5A-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 28f66f5a-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-05987 // 
            
            
            
            BID: 69772 // 
            
            
            
            JVNDB: JVNDB-2014-004166 // 
            
            
            
            CNNVD: CNNVD-201409-517 // 
            
            
            
            NVD: CVE-2014-2376

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-14-224-01
Trust: 2.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2376
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2376
Trust: 0.8
url:http://www.securityfocus.com/bid/69772
Trust: 0.6
url:http://www.integraxor.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-05987 // 
            
            
            
            BID: 69772 // 
            
            
            
            JVNDB: JVNDB-2014-004166 // 
            
            
            
            CNNVD: CNNVD-201409-517 // 
            
            
            
            NVD: CVE-2014-2376

CREDITS
Alain Homewood
Trust: 0.3
sources:
            
            
            BID: 69772

SOURCES
db:IVDid:28f66f5a-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-05987
db:BIDid:69772
db:JVNDBid:JVNDB-2014-004166
db:CNNVDid:CNNVD-201409-517
db:NVDid:CVE-2014-2376

LAST UPDATE DATE
2025-04-13T23:23:53.077000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-05987date:2014-09-18T00:00:00
db:BIDid:69772date:2014-09-11T00:00:00
db:JVNDBid:JVNDB-2014-004166date:2014-09-16T00:00:00
db:CNNVDid:CNNVD-201409-517date:2014-09-16T00:00:00
db:NVDid:CVE-2014-2376date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:28f66f5a-2352-11e6-abef-000c29c66e3ddate:2014-09-18T00:00:00
db:CNVDid:CNVD-2014-05987date:2014-09-18T00:00:00
db:BIDid:69772date:2014-09-11T00:00:00
db:JVNDBid:JVNDB-2014-004166date:2014-09-16T00:00:00
db:CNNVDid:CNNVD-201409-517date:2014-09-16T00:00:00
db:NVDid:CVE-2014-2376date:2014-09-15T14:55:11.150