ID
VAR-201411-0175
CVE
CVE-2014-8652
TITLE
Elipse E3 Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681. The Elipse E3 is a monitoring control and data acquisition system. Elipse has a denial of service vulnerability. An attacker could exploit this vulnerability to initiate a denial of service attack. E3 3.2 and prior versions are vulnerable. Elipse Software E3 is a set of HMI/SCADA platform that provides support for distributed applications, mission-critical applications and control centers from Elipse Software in Brazil
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | elipse | model: | e3 | scope: | eq | version: | 3.2 | Trust: 1.2 |
| vendor: | elipse | model: | e3 | scope: | lte | version: | 3.2 | Trust: 1.0 |
| vendor: | elipse | model: | e3 | scope: | lte | version: | 3.x | Trust: 0.8 |
| vendor: | elipse | model: | e3 | scope: | lt | version: | 3.2 | Trust: 0.6 |
| vendor: | elipse | model: | software e3 | scope: | eq | version: | 3.2 | Trust: 0.3 |
| vendor: | elipse | model: | software e3 | scope: | eq | version: | 3.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-16 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
configuration error
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | E3 Sobre o E3 | url: | http://www.elipse.com.br/port/e3.aspx | Trust: 0.8 |
| title: | Elipse denial of service vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/51791 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-8652 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2014-005320 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201411-125 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2014-08214 | Trust: 0.6 |
| db: | BID | id: | 71322 | Trust: 0.4 |
| db: | EXPLOIT-DB | id: | 35379 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-76597 | Trust: 0.1 |
REFERENCES
| url: | http://seclists.org/fulldisclosure/2014/jul/69 | Trust: 3.1 |
| url: | http://firebitsbr.wordpress.com/2014/07/16/vsla-security-advisory-fire-scada-dos-2013-001-http-dos-requests-flooding-crash-device-vulnerabilities-elipse-e3-scada-plc/ | Trust: 2.0 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8652 | Trust: 1.4 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8652 | Trust: 0.8 |
| url: | http://www.elipse.com.br/port/e3.aspx | Trust: 0.3 |
CREDITS
firebitsbr
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2014-08214 |
| db: | VULHUB | id: | VHN-76597 |
| db: | BID | id: | 71322 |
| db: | JVNDB | id: | JVNDB-2014-005320 |
| db: | CNNVD | id: | CNNVD-201411-125 |
| db: | NVD | id: | CVE-2014-8652 |
LAST UPDATE DATE
2025-04-13T23:39:40.854000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-08214 | date: | 2015-05-07T00:00:00 |
| db: | VULHUB | id: | VHN-76597 | date: | 2014-11-14T00:00:00 |
| db: | BID | id: | 71322 | date: | 2014-11-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005320 | date: | 2014-11-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201411-125 | date: | 2014-11-14T00:00:00 |
| db: | NVD | id: | CVE-2014-8652 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-08214 | date: | 2014-11-12T00:00:00 |
| db: | VULHUB | id: | VHN-76597 | date: | 2014-11-10T00:00:00 |
| db: | BID | id: | 71322 | date: | 2014-11-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005320 | date: | 2014-11-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201411-125 | date: | 2014-11-14T00:00:00 |
| db: | NVD | id: | CVE-2014-8652 | date: | 2014-11-10T11:55:09.970 |