CVE-2015-0978
published 2015-03-14CVE-2015-0978: Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse…
PriorityP418medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.51%
39.5th percentile
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elipse | e3 | — | — |
| elipse | e3 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Elipse E3 Process Control Vulnerability
cisa_ics·2018-09-10
Elipse E3 Process Control Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Elipse E3 Process Control Vulnerability
Last RevisedSeptember 10, 2018
Alert CodeICSA-15-069-04
## OVERVIEW
Ivan Sanchez from Nullcode Team has identified a process control vulnerability in the Elipse E3 application. The process control vulnerability is a result of a third-party DLL, developed by Telerik, which is used in the Elipse E3 application. Elipse has released a new version that mitigates this vulnerability. The researcher has tested Elipse’s new version to validate that it resolves the vulnerability.
## AFFECTED PRODUCTS
The following Elipse E3 versions are affected:
CISA ICS
Elipse E3 Process Control Vulnerability (Update A)
cisa_ics·2015-03-10
Elipse E3 Process Control Vulnerability (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Elipse E3 Process Control Vulnerability (Update A)
Last RevisedAugust 27, 2018
Alert CodeICSA-15-069-04A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-15-069-04 Elipse E3 Process Control Vulnerability that was published March 10, 2015, on the NCCIC/ICS-CERT web site.
Ivan Sanchez from Nullcode Team has identified a process control vulnerability in the Elipse E3 application. The process control vulnerability is a result of a third-party DLL, developed by Telerik, which is used in the Elipse E3 application. Elipse has released a new version
GHSA
GHSA-mgf3-9wqj-vrvh: Multiple untrusted search path vulnerabilities in (1) EQATEC
ghsa_unreviewed·2022-05-17·CVSS 6.9
CVE-2015-0978 [MEDIUM] GHSA-mgf3-9wqj-vrvh: Multiple untrusted search path vulnerabilities in (1) EQATEC
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-03-14
Published