7.5
CVE-2014-0752
- EPSS 1.63%
- Veröffentlicht 09.01.2014 18:07:26
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginEcava IntegraXor Exposure of Access Control List Files to an Unauthorized Control Sphere
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ecava ≫ Integraxor Version <= 4.1.4360
Ecava ≫ Integraxor Version3.5.3900.5
Ecava ≫ Integraxor Version3.5.3900.10
Ecava ≫ Integraxor Version3.6.4000.0
Ecava ≫ Integraxor Version3.60.4061
Ecava ≫ Integraxor Version3.71
Ecava ≫ Integraxor Version3.71.4200
Ecava ≫ Integraxor Version3.72
Ecava ≫ Integraxor Version4.00
Ecava ≫ Integraxor Version4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.63% | 0.731 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-529 Exposure of Access Control List Files to an Unauthorized Control Sphere
The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.
http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01
http://www.integraxor.com/blog/category/security/vulnerability-note/
https://www.cisa.gov/news-events/ics-advisories/icsa-14-008-01