ID

VAR-201409-0185


CVE

CVE-2014-2377


TITLE

Ecava Integraxor SCADA Server Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05986

DESCRIPTION

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. The Ecava IntegraXor SCADA server contains a vulnerability where a full path name can be obtained. A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is essentially a standard web server with HMI/SCADA requirements added on. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks.

Trust: 2.61

sources: NVD: CVE-2014-2377 // JVNDB: JVNDB-2014-004167 // CNVD: CNVD-2014-05986 // BID: 69774 // IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05986

AFFECTED PRODUCTS

vendor: ecava, model: integraxor, scope: lte, version: 4.1.4360

Trust: 1.0

vendor: ecava, model: integraxor, scope: lte, version: 4.1.4392

Trust: 1.0

vendor: ecava, model: integraxor, scope: lte, version: beta 4.1.4392

Trust: 0.8

vendor: ecava, model: integraxor, scope: lte, version: stable 4.1.4360

Trust: 0.8

vendor: ecava, model: integraxor scada server, scope: lte, version: <=4.1.4360

Trust: 0.6

vendor: ecava, model: integraxor, scope: eq, version: 4.1.4360

Trust: 0.6

vendor: ecava, model: integraxor, scope: eq, version: 4.1.4392

Trust: 0.6

vendor: integraxor, model: -, scope: eq, version: *

Trust: 0.4

vendor: ecava, model: integraxor scada server, scope: eq, version: 4.1.4392

Trust: 0.3

vendor: ecava, model: integraxor scada server, scope: eq, version: 4.1.4360

Trust: 0.3

sources: IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05986 // BID: 69774 // JVNDB: JVNDB-2014-004167 // CNNVD: CNNVD-201409-518 // NVD: CVE-2014-2377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2377
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2377
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-05986
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201409-518
value: MEDIUM

Trust: 0.6

IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2014-2377
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-05986
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05986 // JVNDB: JVNDB-2014-004167 // CNNVD: CNNVD-201409-518 // NVD: CVE-2014-2377

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2014-004167 // NVD: CVE-2014-2377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-518

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201409-518

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004167

PATCH

title: Top Page, url: http://www.integraxor.com/

Trust: 0.8

title: Ecava Integraxor SCADA Server Information Disclosure Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/50102

Trust: 0.6

title: igsetup-4.2.4470, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51664

Trust: 0.6

sources: CNVD: CNVD-2014-05986 // JVNDB: JVNDB-2014-004167 // CNNVD: CNNVD-201409-518

EXTERNAL IDS

db: NVD, id: CVE-2014-2377

Trust: 3.5

db: ICS CERT, id: ICSA-14-224-01

Trust: 2.7

db: BID, id: 69774

Trust: 0.9

db: CNVD, id: CNVD-2014-05986

Trust: 0.8

db: CNNVD, id: CNNVD-201409-518

Trust: 0.8

db: JVNDB, id: JVNDB-2014-004167

Trust: 0.8

db: IVD, id: 28EBCE7E-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 28ebce7e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05986 // BID: 69774 // JVNDB: JVNDB-2014-004167 // CNNVD: CNNVD-201409-518 // NVD: CVE-2014-2377

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-14-224-01

Trust: 2.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2377

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2377

Trust: 0.8

url:http://www.securityfocus.com/bid/69774

Trust: 0.6

url:http://www.integraxor.com/

Trust: 0.3

sources: CNVD: CNVD-2014-05986 // BID: 69774 // JVNDB: JVNDB-2014-004167 // CNNVD: CNNVD-201409-518 // NVD: CVE-2014-2377

CREDITS

Alain Homewood

Trust: 0.3

sources: BID: 69774

SOURCES

db: IVD, id: 28ebce7e-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-05986
db: BID, id: 69774
db: JVNDB, id: JVNDB-2014-004167
db: CNNVD, id: CNNVD-201409-518
db: NVD, id: CVE-2014-2377

LAST UPDATE DATE

2025-04-13T23:23:52.990000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-05986, date: 2014-09-18T00:00:00
db: BID, id: 69774, date: 2014-09-11T00:00:00
db: JVNDB, id: JVNDB-2014-004167, date: 2014-09-16T00:00:00
db: CNNVD, id: CNNVD-201409-518, date: 2014-09-16T00:00:00
db: NVD, id: CVE-2014-2377, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 28ebce7e-2352-11e6-abef-000c29c66e3d, date: 2014-09-18T00:00:00
db: CNVD, id: CNVD-2014-05986, date: 2014-09-18T00:00:00
db: BID, id: 69774, date: 2014-09-11T00:00:00
db: JVNDB, id: JVNDB-2014-004167, date: 2014-09-16T00:00:00
db: CNNVD, id: CNNVD-201409-518, date: 2014-09-16T00:00:00
db: NVD, id: CVE-2014-2377, date: 2014-09-15T14:55:11.197