CVE-2014-9199
CVE-2014-9199 is a critical-severity vulnerability in Clorius Controls A/s Java Web Client with a CVSS 2.0 base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-326.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 3% (83rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-326
- Affected product: Clorius Controls A/s Java Web Client
- Published:
- Last modified:
Description
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.
Frequently asked questions
- What is CVE-2014-9199?
- The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.
- How severe is CVE-2014-9199?
- CVE-2014-9199 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2014-9199 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (83rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-9199?
- CVE-2014-9199 affects Clorius Controls A/s Java Web Client. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2014-9199?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2014-9199 published?
- CVE-2014-9199 was published on 2015-01-17 and last updated on 2026-06-17.
References
- http://www.cloriuscontrols.com
- https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-02
- https://ics-cert.us-cert.gov/advisories/ICSA-15-013-02
Affected products (1)
- cpe:2.3:a:clorius_controls_a\/s:java_web_client:*:*:*:*:*:*:*:*
Other CWE-326 (Inadequate Encryption Strength) vulnerabilities
- CVE-2026-44523 — Critical (CVSS 10.0): Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the…
- CVE-2020-6966 — Critical (CVSS 10.0): In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information…
- CVE-2018-25272 — Critical (CVSS 9.8): ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and…
- CVE-2025-12478 — Critical (CVSS 9.8): Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2022-24116 — Critical (CVSS 9.8): Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II…
- CVE-2022-3273 — Critical (CVSS 9.8): Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
Browse all CWE-326 (Inadequate Encryption Strength) vulnerabilities →