Skip to main content

Integraxor CVE-2014-2377

MEDIUM
Cleartext Storage of Sensitive Information in an Environment Variable (CWE-526)
2014-09-15 ics-cert@hq.dhs.gov
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 15, 2014 - 14:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

AnalysisAI

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-526. Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Affected products include: Ecava Integraxor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-4700 CRITICAL
9.3 Feb 08

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier

CVE-2017-6050 CRITICAL
9.8 Jun 21

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. Rated critical severity (CVSS 9.

CVE-2016-8341 CRITICAL
9.8 Feb 13

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2012-0246 CRITICAL
9.3 Apr 02

Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote a

CVE-2014-0753 HIGH
7.8 Jan 21

Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a d

CVE-2014-2375 HIGH
8.3 Sep 15

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read

CVE-2014-0752 HIGH
7.5 Jan 09

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via

CVE-2014-0786 HIGH
7.5 May 01

Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via S

CVE-2016-2306 HIGH
7.5 Apr 22

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext infor

CVE-2016-2299 HIGH
7.3 Apr 22

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL c

CVE-2014-2376 HIGH
7.5 Sep 15

SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier a

CVE-2016-2300 MEDIUM
6.5 Apr 22

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages

Share

CVE-2014-2377 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy