Detections
Analytics
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
high Nessus Plugin ID 77964
Language:
Synopsis
The remote Windows host contains a SCADA application that is affected by multiple vulnerabilities.Description
The version of Ecava IntegraXor installed on the remote host is a version prior to 4.2 Build 4458. It is, therefore, affected by multiple vulnerabilities :- A flaw related to IntegraXor's privilege management allows the unprivileged guest user account to execute arbitrary SQL statements and potentially upload malicious files. (CVE-2014-0786)
- A flaw in the way that IntegraXor exports report files allows a remote, unauthenticated attacker to read and write any file or cause a denial of service by writing extremely large files. (CVE-2014-2375)
- A SQL injection flaw allows a remote attacker to modify and read database entries that are normally restricted, including configuration entries. (CVE-2014-2376)
- A flaw exists in IntegraXor's built-in application tags that discloses path name information, which can be used in conjunction with other vulnerabilities to increase the likelihood of a successful attack. (CVE-2014-2377)
Solution
Upgrade to version 4.2.4458 or later.Plugin Details
Severity: High
ID: 77964
File Name: scada_integraxor_4_2_4458.nbin
Version: 1.106
Type: local
Family: SCADA
Published: 9/29/2014
Updated: 11/12/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C
CVSS Score Source: CVE-2014-2375
Vulnerability Information
CPE: cpe:/a:ecava:integraxor
Required KB Items: installed_sw/Ecava IntegraXor
Exploit Ease: No known exploits are available
Patch Publication Date: 9/11/2014
Vulnerability Publication Date: 9/11/2014
Reference Information
CVE: CVE-2014-0786, CVE-2014-2375, CVE-2014-2376, CVE-2014-2377
BID: 66554, 69767, 69772, 69774, 69776
ICSA: 14-091-01, 14-224-01