1. CVE-Search
  2. CVE-2016-2306
ID CVE-2016-2306
Summary The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
References
Vulnerable Configurations
  • cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4340:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1.4340:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4380:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1.4380:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4390:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1.4390:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4393:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1.4393:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4450:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.1.4450:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.2.4502:*:*:*:*:*:*:*
    cpe:2.3:a:ecava:integraxor:4.2.4502:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 27-04-2016 - 18:12)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:N/A:N
refmap via4
misc https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03
Last major update 27-04-2016 - 18:12
Published 22-04-2016 - 00:59
Last modified 27-04-2016 - 18:12
Back to Top