CVE-2014-9199 - Vulnerability Details - OpenCVE

The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00656.

Key SSVC decision points have not yet been added.

Vendors	Products
Clorius Controls A\/s	Java Web Client

Configuration 1 [-]

cpe:2.3:a:clorius_controls_a\/s:java_web_client:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2014-9024	The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.

Fixes

Solution

Clorius Controls A/S produced an update (Version 01.00.0009g) that mitigates this vulnerability. Contact Clorius Controls A/S for more information at: http://www.cloriuscontrols.com

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.cloriuscontrols.com
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-02
https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-02

History

Fri, 05 Sep 2025 21:45:00 +0000

Type	Values Removed	Values Added
Title		Clorius Controls A/S ISC SCADA Insecure Java Client Inadequate Encryption Strength
Weaknesses		CWE-326
References		http://www.cloriuscontrols.com https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-02
Metrics	cvssV2_0 `{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}`	cvssV2_0 `{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2015-01-17T02:00:00

Updated: 2025-09-05T21:23:35.441Z

Reserved: 2014-12-02T00:00:00

Link: CVE-2014-9199

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-01-17T02:59:06.520

Modified: 2025-09-05T22:15:33.613

Link: CVE-2014-9199

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "A/S Java web client", "vendor": "Clorius Controls", "versions": [{"lessThanOrEqual": "01.00.0009b", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aditya Sood"}], "datePublic": "2015-01-13T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.</p>"}], "value": "The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "description": "CWE-326", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-05T21:23:35.441Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-02"}, {"url": "http://www.cloriuscontrols.com"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Clorius Controls A/S produced an update (Version 01.00.0009g) that \nmitigates this vulnerability. Contact Clorius Controls A/S for more \ninformation at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\">mail@cloriuscontrols.com</a></p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.cloriuscontrols.com\">http://www.cloriuscontrols.com</a>\n\n<br>"}], "value": "Clorius Controls A/S produced an update (Version 01.00.0009g) that \nmitigates this vulnerability. Contact Clorius Controls A/S for more \ninformation at:\n\n\n http://www.cloriuscontrols.com"}], "source": {"advisory": "ICSA-15-013-02", "discovery": "EXTERNAL"}, "title": "Clorius Controls A/S ISC SCADA Insecure Java Client Inadequate Encryption Strength", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9199", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.875Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9199", "datePublished": "2015-01-17T02:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-09-05T21:23:35.441Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clorius_controls_a\\/s:java_web_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "6634973F-3F87-4AD7-B0AE-BE9CFAA5FD97", "versionEndIncluding": "01.00.0009b", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic."}, {"lang": "es", "value": "El cliente web Clorius Controls Java anterior a 01.00.0009g permite a atacantes remotos descubrir las credenciales mediante la captura de trafico de la red para trafico equivalente a texto plano."}], "id": "CVE-2014-9199", "lastModified": "2025-09-05T22:15:33.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-17T02:59:06.520", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.cloriuscontrols.com"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Secondary"}]}