CVE-2014-8652

Elipse E3 < 3.2 - Denial of Service via HTTP Request Flooding

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8652. PoCs published by firebitsbr.

AI-analyzed exploit summary This Go-based exploit performs a DoS attack against Elipse SCADA 3 by sending repeated HTTP requests to the target server, causing a hard lock or crash due to excessive connections. The code continuously loops, increasing the request count exponentially.

Description

Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.

Exploits (1)

exploitdb WORKING POC

by firebitsbr · godoswindows

https://www.exploit-db.com/exploits/35379

View Code ZIP pw:eip

This Go-based exploit performs a DoS attack against Elipse SCADA 3 by sending repeated HTTP requests to the target server, causing a hard lock or crash due to excessive connections. The code continuously loops, increasing the request count exponentially.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Elipse SCADA 3.x and prior

No auth needed

Prerequisites: Network access to the target server · Target running Elipse SCADA 3 with HTTP service exposed

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Jul/69

Exploit x_refsource_misc

http://firebitsbr.wordpress.com/2014/07/16/vsla-security-advisory-fire-scada-dos-2013-001-http-dos-requests-flooding-crash-device-vulnerabilities-elipse-e3-scada-plc/

Scores

EPSS 0.1378

EPSS Percentile 94.5%

Details

CWE

CWE-16

Status published

Products (1)

elipse/e3 < 3.2

Published Nov 10, 2014

Tracked Since Feb 18, 2026