ID
VAR-201411-0077
CVE
CVE-2014-2374
TITLE
Accuenergy Acuvim II for AXN-NET Ethernet Module accessory vulnerability
Trust: 0.8
DESCRIPTION
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. Accuenergy Acuvim II is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to potentially sensitive information.This may lead to further attacks. AXN-NET Ethernet module 3.04 is vulnerable; other versions may also be affected
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | accuenergy | model: | axm-net | scope: | eq | version: | 3.04 | Trust: 1.6 |
| vendor: | accuenergy | model: | acuvim ii | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | accuenergy | model: | acuvim ii | scope: | - | version: | - | Trust: 0.8 |
| vendor: | accuenergy | model: | axn-net | scope: | eq | version: | 3.04 | Trust: 0.8 |
| vendor: | accuenergy | model: | axn-net ethernet module | scope: | eq | version: | 3.04 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.8 |
| problemtype: | CWE-602 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Release Notes | url: | http://www.accuenergy.com/firmware-update-axm-net | Trust: 0.8 |
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-14-275-02 | Trust: 2.7 |
| db: | NVD | id: | CVE-2014-2374 | Trust: 2.7 |
| db: | BID | id: | 70853 | Trust: 0.9 |
| db: | JVNDB | id: | JVNDB-2014-005230 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201411-007 | Trust: 0.6 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-14-275-02 | Trust: 2.7 |
| url: | http://www.accuenergy.com/firmware-update-axm-net | Trust: 1.6 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-14-275-02 | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2374 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2374 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/70853 | Trust: 0.6 |
| url: | http://www.accuenergy.com/acuvim-ii-series-multifunction-power-meter | Trust: 0.3 |
CREDITS
Laisvis Lingvevicius
Trust: 0.9
SOURCES
| db: | BID | id: | 70853 |
| db: | CNNVD | id: | CNNVD-201411-007 |
| db: | JVNDB | id: | JVNDB-2014-005230 |
| db: | NVD | id: | CVE-2014-2374 |
LAST UPDATE DATE
2025-10-14T23:25:11.008000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 70853 | date: | 2014-10-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201411-007 | date: | 2014-11-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005230 | date: | 2014-11-06T00:00:00 |
| db: | NVD | id: | CVE-2014-2374 | date: | 2025-10-13T23:15:34.700 |
SOURCES RELEASE DATE
| db: | BID | id: | 70853 | date: | 2014-10-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201411-007 | date: | 2014-10-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005230 | date: | 2014-11-06T00:00:00 |
| db: | NVD | id: | CVE-2014-2374 | date: | 2014-11-05T11:55:04.683 |