DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| elipse | scada | * |
| elipse | power | * |
| elipse | e3 | * |
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| elipse | e3 | * |
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| elipse | e3 | 4.5 |
| elipse | e3 | 4.6 |
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to accept the default password indefinitely without warning or enforcement. In real-world deployments, this service is often left enabled without changing the default credentials. As a result, a remote attacker with access to the service port could authenticate as an administrator and gain full control of the protocol’s administrative features.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| emo@eclipse.org | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| elipse | openmq | * |