9

CVE-2014-2375

EPSS 2.32%
Veröffentlicht 15.09.2014 14:55:11
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Ecava IntegraXor SCADA Server External Control of File Name or Path

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ecava ≫ Integraxor Version <= 4.1.4360

Ecava ≫ Integraxor Updatebeta Version <= 4.1.4392

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.32%	0.812

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	10	8.5	AV:N/AC:L/Au:N/C:P/I:P/A:C
ics-cert@hq.dhs.gov	8.3	8.6	8.5	AV:N/AC:M/Au:N/C:P/I:P/A:C

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01

Patch

Third Party Advisory

US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01

https://nvd.nist.gov/vuln/detail/CVE-2014-2375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2375

EUVD