Details of VAR-201504-0076

ID

VAR-201504-0076

CVE

CVE-2015-0990

TITLE

Ecava IntegraXor SCADA Server Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2015-002079

DESCRIPTION

Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. A local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions

Trust: 2.7

sources: NVD: CVE-2015-0990 // JVNDB: JVNDB-2015-002079 // CNVD: CNVD-2015-02165 // BID: 73472 // IVD: 98f81d5e-2351-11e6-abef-000c29c66e3d // VULMON: CVE-2015-0990

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 98f81d5e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02165

AFFECTED PRODUCTS

vendor:	ecava	model:	integraxor	scope:	lte	version:	4.1.4450	Trust: 1.0
vendor:	ecava	model:	integraxor	scope:	lt	version:	4.2.4488	Trust: 0.8
vendor:	ecava	model:	integraxor scada server	scope:	lt	version:	4.2.4488	Trust: 0.6
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4450	Trust: 0.6
vendor:	ecava	model:	integraxor scada server	scope:	eq	version:	4.1.4392	Trust: 0.3
vendor:	ecava	model:	integraxor scada server	scope:	eq	version:	4.1.4360	Trust: 0.3
vendor:	ecava	model:	integraxor scada server	scope:	ne	version:	4.2.4488	Trust: 0.3
vendor:	integraxor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 98f81d5e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02165 // BID: 73472 // JVNDB: JVNDB-2015-002079 // CNNVD: CNNVD-201504-051 // NVD: CVE-2015-0990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0990
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0990
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-02165
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201504-051
value:	MEDIUM
Trust: 0.6
IVD:	98f81d5e-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2015-0990
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0990
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-02165
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	98f81d5e-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 98f81d5e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02165 // VULMON: CVE-2015-0990 // JVNDB: JVNDB-2015-002079 // CNNVD: CNNVD-201504-051 // NVD: CVE-2015-0990

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-002079 // NVD: CVE-2015-0990

THREAT TYPE

local

Trust: 0.9

sources: BID: 73472 // CNNVD: CNNVD-201504-051

TYPE

other

Trust: 0.8

sources: IVD: 98f81d5e-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201504-051

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002079

PATCH

title:	Top Page	url:	http://www.integraxor.com/	Trust: 0.8
title:	igsetup-4.2.4488.msi	url:	http://www.integraxor.com/download/rc.msi?4.2.4488	Trust: 0.8
title:	Patch for Ecava IntegraXor DLL Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/56916	Trust: 0.6
title:	igsetup-4.2.4488	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54805	Trust: 0.6

sources: CNVD: CNVD-2015-02165 // JVNDB: JVNDB-2015-002079 // CNNVD: CNNVD-201504-051

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0990	Trust: 3.6
db:	ICS CERT	id:	ICSA-15-090-02	Trust: 2.8
db:	CNVD	id:	CNVD-2015-02165	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-051	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002079	Trust: 0.8
db:	BID	id:	73472	Trust: 0.4
db:	IVD	id:	98F81D5E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULMON	id:	CVE-2015-0990	Trust: 0.1

sources: IVD: 98f81d5e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02165 // VULMON: CVE-2015-0990 // BID: 73472 // JVNDB: JVNDB-2015-002079 // CNNVD: CNNVD-201504-051 // NVD: CVE-2015-0990

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-090-02	Trust: 2.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0990	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0990	Trust: 0.8
url:	http://www.integraxor.com/download/rc.msi?4.2.4488	Trust: 0.6
url:	http://www.integraxor.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/73472	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036	Trust: 0.1

sources: CNVD: CNVD-2015-02165 // VULMON: CVE-2015-0990 // BID: 73472 // JVNDB: JVNDB-2015-002079 // CNNVD: CNNVD-201504-051 // NVD: CVE-2015-0990

CREDITS

Praveen Darshanam

Trust: 0.3

sources: BID: 73472

SOURCES

db:	IVD	id:	98f81d5e-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-02165
db:	VULMON	id:	CVE-2015-0990
db:	BID	id:	73472
db:	JVNDB	id:	JVNDB-2015-002079
db:	CNNVD	id:	CNNVD-201504-051
db:	NVD	id:	CVE-2015-0990

LAST UPDATE DATE

2025-04-12T23:14:24.559000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02165	date:	2015-04-03T00:00:00
db:	VULMON	id:	CVE-2015-0990	date:	2015-04-03T00:00:00
db:	BID	id:	73472	date:	2015-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-002079	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-051	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0990	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	98f81d5e-2351-11e6-abef-000c29c66e3d	date:	2015-04-03T00:00:00
db:	CNVD	id:	CNVD-2015-02165	date:	2015-04-03T00:00:00
db:	VULMON	id:	CVE-2015-0990	date:	2015-04-03T00:00:00
db:	BID	id:	73472	date:	2015-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-002079	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-051	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0990	date:	2015-04-03T10:59:12.227