CVE-2014-9199 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
icscert	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
clorius_controls_a\/s	java_web_client	𝑥 ≤ 01.00.0009b

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-326 - Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://www.cloriuscontrols.com

https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-02

https://ics-cert.us-cert.gov/advisories/ICSA-15-013-02