7.5
CVE-2014-0752
- EPSS 2.56%
- Veröffentlicht 09.01.2014 18:07:26
- Zuletzt bearbeitet 22.08.2025 23:15:30
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginThe SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ecava ≫ Integraxor Version <= 4.1.4360
Ecava ≫ Integraxor Version3.5.3900.5
Ecava ≫ Integraxor Version3.5.3900.10
Ecava ≫ Integraxor Version3.6.4000.0
Ecava ≫ Integraxor Version3.60.4061
Ecava ≫ Integraxor Version3.71
Ecava ≫ Integraxor Version3.71.4200
Ecava ≫ Integraxor Version3.72
Ecava ≫ Integraxor Version4.00
Ecava ≫ Integraxor Version4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.56% | 0.852 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-529 Exposure of Access Control List Files to an Unauthorized Control Sphere
The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.