CVE-2014-2377 - Vulnerability Details - OpenCVE

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00533.

Key SSVC decision points have not yet been added.

Vendors	Products
Ecava	Integraxor

Configuration 1 [-]

cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2014-2414	Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

Fixes

Solution

Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from: http://www.integraxor.com/download/rc.msi?4.2.4458

Workaround

No workaround given by the vendor.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01
https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01

History

Mon, 13 Oct 2025 23:00:00 +0000

Type	Values Removed	Values Added
Title		Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables
Weaknesses		CWE-526
References		https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01
Metrics	cvssV2_0 `{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}`	cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-09-15T14:00:00

Updated: 2025-10-13T22:48:15.434Z

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2377

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-09-15T14:55:11.197

Modified: 2025-10-13T23:15:35.197

Link: CVE-2014-2377

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IntegraXor SCADA Server", "vendor": "Ecava", "versions": [{"lessThanOrEqual": "v4.1.4360", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "v4.1.4392", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Andrea Micalizzi"}], "datePublic": "2014-09-11T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\nEcava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.\n\n</p>"}], "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-526", "description": "CWE-526", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-13T22:48:15.434Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\">http://www.integraxor.com/download/rc.msi?4.2.4458</a></p>\n\n<br>"}], "value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"}], "source": {"advisory": "ICSA-14-224-01", "discovery": "EXTERNAL"}, "title": "Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2375", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.255Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2377", "datePublished": "2014-09-15T14:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-13T22:48:15.434Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E950E11-0F45-4511-8E94-FA2575BE48F4", "versionEndIncluding": "4.1.4360", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*", "matchCriteriaId": "0858BD1B-7614-4864-A1A4-A3F6AA012068", "versionEndIncluding": "4.1.4392", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag."}, {"lang": "es", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 y anteriores y Beta 4.1.4392 y anteriores permite a atacantes remotos descubrir nombres de rutas completas a trav\u00e9s de un tag de aplicaci\u00f3n."}], "id": "CVE-2014-2377", "lastModified": "2025-10-13T23:15:35.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-15T14:55:11.197", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-526"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Secondary"}]}