CVE-2014-2377

EPSS 0.52%
Veröffentlicht 15.09.2014 14:55:11
Zuletzt bearbeitet 13.10.2025 23:15:35
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ecava ≫ Integraxor Version <= 4.1.4360

Ecava ≫ Integraxor Updatebeta Version <= 4.1.4392

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
ics-cert@hq.dhs.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable

The product uses an environment variable to store unencrypted sensitive information.

https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01

Third Party Advisory

US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01

https://nvd.nist.gov/vuln/detail/CVE-2014-2377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2377

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-2377