CVE-2015-0978
https://notcve.org/view.php?id=CVE-2015-0978
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264. Múltiples vulnerabilidades de ruta de búsqueda no confiables en (1) EQATEC.Analytics.Monitor.Win32_vc100.dll y (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll en Elipse E3 4.5.232 a través de 4.6.161 permite a usaurios locales obtener privilegios a través de caballo de troya DLL en un directorio sin especificar. NOTA: esto puede superponerse a CVE-2015-2264. • https://ics-cert.us-cert.gov/advisories/ICSA-15-069-04A •
CVE-2014-5429
https://notcve.org/view.php?id=CVE-2014-5429
DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets. DNP Master Driver 3.02 y anteriores en Elipse SCADA 2.29 build 141 y anteriores, E3 1.0 hasta 4.6, y Elipse Power 1.0 hasta 4.6 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de paquetes malformados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-303-02 • CWE-399: Resource Management Errors •
CVE-2014-8652 – Elipse E3 - HTTP Denial of Service
https://notcve.org/view.php?id=CVE-2014-8652
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681. Elipse E3 3.x y anteriores permite a atacantes remotos causar una denegación de servicio (caída de aplicación y interrupción de planta) a través de una serie rápida de solicitudes HTTP en index.html en el puerto TCP 1681. • https://www.exploit-db.com/exploits/35379 http://firebitsbr.wordpress.com/2014/07/16/vsla-security-advisory-fire-scada-dos-2013-001-http-dos-requests-flooding-crash-device-vulnerabilities-elipse-e3-scada-plc http://seclists.org/fulldisclosure/2014/Jul/69 • CWE-16: Configuration •