Ecava IntegraXor < 3.60.4050 Unspecified SQL Injection

critical Nessus Plugin ID 53549

Synopsis

The remote Windows host contains a SCADA application that is susceptible to a SQL injection attack.

Description

The version of IntegraXor installed on the remote host is earlier than 3.60 (Build 4050). As such, it reportedly contains an unspecified SQL injection vulnerability that can be exploited by an unauthenticated remote attacker and lead to data leakage, data manipulation, and remote code execution against the backend host running the database service.

Solution

Upgrade to version 3.60.4050.0 or later.

See Also

https://www.integraxor.com/integraxor-3-60-4050-dated-23mar11/

Plugin Details

Severity: Critical

ID: 53549

File Name: scada_integraxor_3_60_4050.nbin

Version: 1.69

Type: local

Family: SCADA

Published: 4/25/2011

Updated: 5/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SCADA/Apps/Ecava/IntegraXor/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/23/2011

Vulnerability Publication Date: 3/23/2011

Reference Information

CVE: CVE-2011-1562

BID: 47019

ICS-ALERT: 11-082-01