Vulnerabilities related to Ecava - IntegraXor
var-201604-0071
Vulnerability from variot
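Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities (numbered as in the source text, which has no item 2): 1. A cross-site scripting vulnerability; 3. Multiple security bypass vulnerabilities; 4. An authorization bypass vulnerability; 5. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions. Note that this entry's own identifier, CVE-2016-2302 (CWE-200), describes only the information disclosure through detailed error messages; the other listed issues appear to come from the broader advisory text merged into this description, so check their identifiers and fixed versions against the referenced advisory (ICSA-16-105-03) rather than assuming this entry covers them.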
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0071", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "model": "integraxor build", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "5.04522" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02340" }, { "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "db": "CNNVD", "id": "CNNVD-201604-321" }, { "db": "NVD", "id": "CVE-2016-2302" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002347" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-321" } ], "trust": 0.6 }, "cve": "CVE-2016-2302", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2016-2302", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-02340", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "58aefd8a-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2016-2302", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-2302", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-2302", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-02340", "trust": 0.6, "value": "MEDIUM" }, { 
"author": "CNNVD", "id": "CNNVD-201604-321", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-2302", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02340" }, { "db": "VULMON", "id": "CVE-2016-2302" }, { "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "db": "CNNVD", "id": "CNNVD-201604-321" }, { "db": "NVD", "id": "CVE-2016-2302" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. 
Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions", "sources": [ { "db": "NVD", "id": "CVE-2016-2302" }, { "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "db": "CNVD", "id": "CNVD-2016-02340" }, { "db": "BID", "id": "86088" }, { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2016-2302" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2302", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 3.4 }, { "db": "CNVD", "id": "CNVD-2016-02340", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-321", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002347", "trust": 0.8 }, { "db": "BID", "id": "86088", "trust": 0.4 }, { "db": "IVD", "id": "58AEFD8A-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2016-2302", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02340" }, { "db": "VULMON", "id": "CVE-2016-2302" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "db": "CNNVD", "id": "CNNVD-201604-321" }, { "db": "NVD", "id": "CVE-2016-2302" } ] }, "id": "VAR-201604-0071", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": 
"CNVD-2016-02340" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02340" } ] }, "last_update_date": "2024-11-23T21:43:13.467000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Patch for Ecava IntegraXor Information Disclosure Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74347" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02340" }, { "db": "JVNDB", "id": "JVNDB-2016-002347" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "db": "NVD", "id": "CVE-2016-2302" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2302" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2302" }, { "trust": 0.3, "url": "http://www.integraxor.com/" }, { 
"trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/86088" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02340" }, { "db": "VULMON", "id": "CVE-2016-2302" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "db": "CNNVD", "id": "CNNVD-201604-321" }, { "db": "NVD", "id": "CVE-2016-2302" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02340" }, { "db": "VULMON", "id": "CVE-2016-2302" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "db": "CNNVD", "id": "CNNVD-201604-321" }, { "db": "NVD", "id": "CVE-2016-2302" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02340" }, { "date": "2016-04-22T00:00:00", "db": "VULMON", "id": "CVE-2016-2302" }, { "date": "2016-04-14T00:00:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002347" }, { "date": "2016-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-321" }, { "date": "2016-04-22T00:59:03.620000", "db": "NVD", "id": "CVE-2016-2302" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02340" }, { "date": "2016-04-27T00:00:00", "db": "VULMON", "id": "CVE-2016-2302" }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", 
"id": "JVNDB-2016-002347" }, { "date": "2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-321" }, { "date": "2024-11-21T02:48:11.230000", "db": "NVD", "id": "CVE-2016-2302" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-321" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Information Disclosure Vulnerability", "sources": [ { "db": "IVD", "id": "58aefd8a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02340" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-321" } ], "trust": 0.6 } }
var-201107-0258
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. A cross-site scripting vulnerability exists in Ecava IntegraXor. Because the application does not filter user-submitted data, an attacker can exploit the vulnerability to steal cookie-based authentication credentials and execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. Ecava IntegraXor is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Ecava IntegraXor versions prior to 3.60.4080 are vulnerable.
TITLE: IntegraXor Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA44321
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44321/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44321
RELEASE DATE: 2011-08-03
DISCUSS ADVISORY: http://secunia.com/advisories/44321/#comments
DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being returned to the user.
SOLUTION: Update to version 3.60 Build 4080.
PROVIDED AND/OR DISCOVERED BY: An anonymous researcher via ICS CERT.
ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/security-issue-xss-vulnerability-note
ICS CERT (ICSA-11-147-02): http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201107-0258", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 2.2, "vendor": "ecava", "version": "3.60" }, { "model": "integraxor", "scope": "eq", "trust": 2.2, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": "integraxor", "scope": "eq", "trust": 1.9, "vendor": "ecava", "version": "3.5.3900.5" }, { 
"model": "integraxor", "scope": "eq", "trust": 1.9, "vendor": "ecava", "version": "3.5.3900.10" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "3.60.4061" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.60.4061" }, { "model": "integraxor", "scope": "eq", "trust": 0.8, "vendor": "ecava", "version": "3.x" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "3.60 (build 4080)" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4050" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4032" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.4000.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5" }, { "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "3.60.4080" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.5.3900.5" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.5.3900.10" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.6.4000.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.60" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2970" }, { "db": "BID", "id": "73788" }, { "db": "BID", "id": "48958" }, { "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "db": "CNNVD", "id": "CNNVD-201107-434" }, { "db": "NVD", "id": "CVE-2011-2958" } ] }, "configurations": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003487" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "73788" } ], "trust": 0.3 }, "cve": "CVE-2011-2958", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2011-2958", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, 
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-2958", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-2958", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201107-434", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "db": "CNNVD", "id": "CNNVD-201107-434" }, { "db": "NVD", "id": "CVE-2011-2958" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. A cross-site scripting vulnerability exists in Ecava IntegraXor. 
Because the application lacks filtering of user-submitted data, an attacker exploits a vulnerability to steal cookie-based authentication credentials and execute arbitrary code in an uninformed user\u0027s browser in the context of the affected site. Ecava IntegraXor is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nEcava IntegraXor versions prior to 3.60.4080 are vulnerable. ----------------------------------------------------------------------\n\nThe Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. \n\nRead more and request a free trial:\nhttp://secunia.com/products/corporate/vim/\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Unspecified Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA44321\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44321/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321\n\nRELEASE DATE:\n2011-08-03\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44321/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44321/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to conduct cross-site scripting\nattacks. \n\nCertain unspecified input is not properly sanitised before being\nreturned to the user. \n\nSOLUTION:\nUpdate to version 3.60 Build 4080. \n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher via ICS CERT. \n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/security-issue-xss-vulnerability-note\n\nICS CERT (ICSA-11-147-02):\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-2958" }, { "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "db": "CNVD", "id": "CNVD-2011-2970" }, { "db": "BID", "id": "73788" }, { "db": "BID", "id": "48958" }, { "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "103691" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-11-147-02", "trust": 3.1 }, { "db": "NVD", "id": "CVE-2011-2958", "trust": 2.9 }, { "db": "BID", "id": "48958", "trust": 1.5 }, { "db": "CNNVD", "id": "CNNVD-201107-434", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-2970", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-003487", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201108-064", "trust": 0.6 }, { "db": "XF", "id": "68896", "trust": 0.3 }, { "db": "BID", "id": "73788", "trust": 0.3 }, { "db": "IVD", "id": "C2A1AA96-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "01AC8DC0-1F8E-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "44321", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "103691", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2970" }, { "db": "BID", "id": "73788" }, { "db": "BID", "id": "48958" }, { "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "db": "PACKETSTORM", "id": "103691" }, { "db": 
"CNNVD", "id": "CNNVD-201108-064" }, { "db": "CNNVD", "id": "CNNVD-201107-434" }, { "db": "NVD", "id": "CVE-2011-2958" } ] }, "id": "VAR-201107-0258", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2970" } ], "trust": 1.27383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2970" } ] }, "last_update_date": "2024-11-23T22:56:50.110000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Issue XSS Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note" }, { "title": "Patch for Ecava IntegraXor Cross-Site Scripting Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/4603" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-2970" }, { "db": "JVNDB", "id": "JVNDB-2011-003487" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": 
"JVNDB", "id": "JVNDB-2011-003487" }, { "db": "NVD", "id": "CVE-2011-2958" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-147-02.pdf" }, { "trust": 2.3, "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/48958" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2958" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2958" }, { "trust": 0.3, "url": "http://xforce.iss.net/xforce/xfdb/68896" }, { "trust": 0.3, "url": "http://www.ecava.com/index.htm" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44321/#comments" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44321/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-2970" }, { "db": "BID", "id": "73788" }, { "db": "BID", "id": "48958" }, { "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "db": 
"PACKETSTORM", "id": "103691" }, { "db": "CNNVD", "id": "CNNVD-201108-064" }, { "db": "CNNVD", "id": "CNNVD-201107-434" }, { "db": "NVD", "id": "CVE-2011-2958" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2970" }, { "db": "BID", "id": "73788" }, { "db": "BID", "id": "48958" }, { "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "db": "PACKETSTORM", "id": "103691" }, { "db": "CNNVD", "id": "CNNVD-201108-064" }, { "db": "CNNVD", "id": "CNNVD-201107-434" }, { "db": "NVD", "id": "CVE-2011-2958" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-29T00:00:00", "db": "IVD", "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d" }, { "date": "2011-08-03T00:00:00", "db": "IVD", "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d" }, { "date": "2011-08-03T00:00:00", "db": "CNVD", "id": "CNVD-2011-2970" }, { "date": "2011-07-28T00:00:00", "db": "BID", "id": "73788" }, { "date": "2011-08-02T00:00:00", "db": "BID", "id": "48958" }, { "date": "2011-12-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "date": "2011-08-03T03:38:13", "db": "PACKETSTORM", "id": "103691" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201108-064" }, { "date": "2011-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201107-434" }, { "date": "2011-07-28T18:55:04.237000", "db": "NVD", "id": "CVE-2011-2958" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-08-03T00:00:00", "db": "CNVD", "id": "CNVD-2011-2970" }, { "date": "2011-07-28T00:00:00", "db": "BID", "id": "73788" }, { "date": "2011-08-02T00:00:00", "db": "BID", 
"id": "48958" }, { "date": "2011-12-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003487" }, { "date": "2011-08-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201108-064" }, { "date": "2011-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201107-434" }, { "date": "2024-11-21T01:29:21.967000", "db": "NVD", "id": "CVE-2011-2958" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201108-064" }, { "db": "CNNVD", "id": "CNNVD-201107-434" } ], "trust": 1.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities", "sources": [ { "db": "CNNVD", "id": "CNNVD-201108-064" }, { "db": "CNNVD", "id": "CNNVD-201107-434" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "103691" }, { "db": "CNNVD", "id": "CNNVD-201108-064" }, { "db": "CNNVD", "id": "CNNVD-201107-434" } ], "trust": 1.3 } }
var-201409-0183
Vulnerability from variot
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server that adds HMI/SCADA requirements. Ecava IntegraXor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. This may aid in further attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0183", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4392" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "lte", "trust": 0.8, "vendor": 
"ecava", "version": "beta 4.1.4392" }, { "model": "integraxor", "scope": "lte", "trust": 0.8, "vendor": "ecava", "version": "stable 4.1.4360" }, { "model": "integraxor scada server", "scope": "lte", "trust": 0.6, "vendor": "ecava", "version": "\u003c=4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4392" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "*" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4392" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4360" } ], "sources": [ { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05990" }, { "db": "BID", "id": "69767" }, { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "CNNVD", "id": "CNNVD-201409-516" }, { "db": "NVD", "id": "CVE-2014-2375" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004165" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Andrea Micalizzi", "sources": [ { "db": "BID", "id": "69767" } ], "trust": 0.3 }, "cve": "CVE-2014-2375", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2375", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05990", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2375", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-2375", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-05990", "trust": 
0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-516", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05990" }, { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "CNNVD", "id": "CNNVD-201409-516" }, { "db": "NVD", "id": "CVE-2014-2375" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server that adds HMI/SCADA requirements. Ecava Integraxor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. 
This may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2014-2375" }, { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "CNVD", "id": "CNVD-2014-05990" }, { "db": "BID", "id": "69767" }, { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2375", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-14-224-01", "trust": 2.7 }, { "db": "BID", "id": "69767", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05990", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201409-516", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004165", "trust": 0.8 }, { "db": "IVD", "id": "28FE4BBC-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05990" }, { "db": "BID", "id": "69767" }, { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "CNNVD", "id": "CNNVD-201409-516" }, { "db": "NVD", "id": "CVE-2014-2375" } ] }, "id": "VAR-201409-0183", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05990" } ], "trust": 1.0713851600000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", 
"id": "CNVD-2014-05990" } ] }, "last_update_date": "2024-11-23T21:55:20.682000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Ecava Integraxor SCADA Server patch for arbitrary file read and write vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/50105" }, { "title": "igsetup-4.2.4470", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51664" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05990" }, { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "CNNVD", "id": "CNNVD-201409-516" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "NVD", "id": "CVE-2014-2375" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2375" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2375" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/69767" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05990" }, { "db": "BID", "id": "69767" }, { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "CNNVD", 
"id": "CNNVD-201409-516" }, { "db": "NVD", "id": "CVE-2014-2375" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05990" }, { "db": "BID", "id": "69767" }, { "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "db": "CNNVD", "id": "CNNVD-201409-516" }, { "db": "NVD", "id": "CVE-2014-2375" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-18T00:00:00", "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-09-18T00:00:00", "db": "CNVD", "id": "CNVD-2014-05990" }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69767" }, { "date": "2014-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "date": "2014-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-516" }, { "date": "2014-09-15T14:55:11.103000", "db": "NVD", "id": "CVE-2014-2375" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-18T00:00:00", "db": "CNVD", "id": "CNVD-2014-05990" }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69767" }, { "date": "2014-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004165" }, { "date": "2014-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-516" }, { "date": "2024-11-21T02:06:10.290000", "db": "NVD", "id": "CVE-2014-2375" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-516" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava Integraxor SCADA Server Arbitrary file read and write vulnerability", "sources": [ { "db": "IVD", "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05990" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-516" } ], "trust": 0.6 } }
var-202203-2071
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2071", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-485" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-485" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "ZDI-22-485", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-485", "trust": 0.7, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-485" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCX files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-485" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14275", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-485", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-485" } ] }, "id": "VAR-202203-2071", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T01:34:46.771000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-485" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-485" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-485" } ] }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-485" } ], "trust": 0.7 } }
var-201401-0367
Vulnerability from variot
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be exploited by an attacker using any resource in any DLL in the command loader's home folder. Successful exploitation of the vulnerability could cause an application to crash or execute arbitrary code in the application context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successful exploits will allow attackers to crash the system, denying service to legitimate users. IntegraXor 4.1.4380 is vulnerable; other versions may also be affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0367", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.71.4200" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": 
"ecava", "version": "3.6.4000.0" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.00" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.72" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.5.3900.10" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.71" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.60.4061" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1" }, { "model": "integraxor", "scope": "eq", "trust": 1.0, "vendor": "ecava", "version": "4.1.4369" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4380" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "4.1.4390" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4380" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.5.3900.5" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.5.3900.10" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.6.4000.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.60.4061" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.71" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.71.4200" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.72" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.00" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.1" }, { "model": null, "scope": "eq", "trust": 0.2, 
"vendor": "integraxor", "version": "4.1.4360" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.1.4369" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00448" }, { "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "db": "CNNVD", "id": "CNNVD-201401-400" }, { "db": "NVD", "id": "CVE-2014-0753" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001219" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Luigi Auriemma at the S4 2014 conference", "sources": [ { "db": "BID", "id": "64972" } ], "trust": 0.3 }, "cve": "CVE-2014-0753", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2014-0753", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2014-00448", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "4761ae78-2352-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0753", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0753", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-00448", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201401-400", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00448" }, { "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "db": "CNNVD", "id": "CNNVD-201401-400" }, { "db": "NVD", "id": "CVE-2014-0753" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be exploited by an attacker using any resource in any DLL in the command loader\u0027s home folder. Successful exploitation of the vulnerability could cause an application to crash or execute arbitrary code in the application context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. \nSuccessful exploits will allow attackers to crash the system, denying service to legitimate users. \nIntegraXor 4.1.4380 is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2014-0753" }, { "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "db": "CNVD", "id": "CNVD-2014-00448" }, { "db": "BID", "id": "64972" }, { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0753", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-14-016-01", "trust": 3.0 }, { "db": "OSVDB", "id": "102171", "trust": 1.0 }, { "db": "BID", "id": "64972", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-00448", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201401-400", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-001219", "trust": 0.8 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-14-015-01", "trust": 0.6 }, { "db": "SECUNIA", "id": "56529", "trust": 0.6 }, { 
"db": "IVD", "id": "4761AE78-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00448" }, { "db": "BID", "id": "64972" }, { "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "db": "CNNVD", "id": "CNNVD-201401-400" }, { "db": "NVD", "id": "CVE-2014-0753" } ] }, "id": "VAR-201401-0367", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00448" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00448" } ] }, "last_update_date": "2024-11-23T22:13:50.149000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Buffer Overflow Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" }, { "title": "Patch for Ecava IntegraXor Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/42590" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00448" }, { "db": "JVNDB", "id": "JVNDB-2014-001219" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "db": "NVD", "id": "CVE-2014-0753" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-016-01" }, { "trust": 1.6, "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" }, { "trust": 1.0, "url": "http://osvdb.org/102171" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0753" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0753" }, { "trust": 0.6, "url": "http://ics-cert.us-cert.gov/alerts/ics-alert-14-015-01" }, { "trust": 0.6, "url": "http://secunia.com/advisories/56529" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00448" }, { "db": "BID", "id": "64972" }, { "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "db": "CNNVD", "id": "CNNVD-201401-400" }, { "db": "NVD", "id": "CVE-2014-0753" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00448" }, { "db": "BID", "id": "64972" }, { "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "db": "CNNVD", "id": "CNNVD-201401-400" }, { "db": "NVD", "id": "CVE-2014-0753" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-01-21T00:00:00", "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-01-20T00:00:00", "db": "CNVD", "id": "CNVD-2014-00448" }, { 
"date": "2014-01-16T00:00:00", "db": "BID", "id": "64972" }, { "date": "2014-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "date": "2014-01-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-400" }, { "date": "2014-01-21T01:55:03.620000", "db": "NVD", "id": "CVE-2014-0753" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-01-21T00:00:00", "db": "CNVD", "id": "CNVD-2014-00448" }, { "date": "2014-01-20T01:02:00", "db": "BID", "id": "64972" }, { "date": "2014-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001219" }, { "date": "2014-01-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-400" }, { "date": "2024-11-21T02:02:44.850000", "db": "NVD", "id": "CVE-2014-0753" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201401-400" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00448" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "4761ae78-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201401-400" } ], "trust": 0.8 } }
var-201405-0459
Vulnerability from variot
Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the "guest" user. The issue lies in the ability to retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4393 are vulnerable. (This description concatenates the NVD, JVNDB, ZDI, CNVD, BID and IVD entries listed in the record below, which is why the stated impact ranges from credential disclosure to code execution; the record's CVSS v2 data likewise carries both the NVD base score of 5.0 and the ZDI base score of 7.5.)
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1.4369" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1.4360" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1.4380" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1.4340" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1" }, { "_id": null, "model": "integraxor", "scope": null, "trust": 1.4, "vendor": "ecava", "version": null }, { "_id": null, "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4390" }, { "_id": null, "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "4.1.4393" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.x" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4390" }, { "_id": null, "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4392" }, { "_id": null, "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4360" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.71.4200" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4050" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4032" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" }, { "_id": null, 
"model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.0" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.4000.5" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.3900.5" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.3900.10" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.1.4340" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.1.4360" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.1.4369" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "4.1.4380" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-369" }, { "db": "ZDI", "id": "ZDI-14-117" }, { "db": "CNVD", "id": "CNVD-2014-02109" }, { "db": "BID", "id": "69776" }, { "db": "BID", "id": "66554" }, { "db": "JVNDB", "id": "JVNDB-2014-002340" }, { "db": "CNNVD", "id": "CNNVD-201404-616" }, { "db": "NVD", "id": "CVE-2014-0786" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002340" } ] }, "credits": { "_id": null, "data": "Andrea Micalizzi (rgod)", "sources": [ { "db": "ZDI", "id": "ZDI-14-369" } ], "trust": 0.7 }, "cve": "CVE-2014-0786", "cvss": { "_id": 
null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0786", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0786", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 1.4, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02109", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "06e54bac-2352-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "CVE-2014-0786", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2014-0786", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0786", "trust": 0.8, 
"value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-02109", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201404-616", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-369" }, { "db": "ZDI", "id": "ZDI-14-117" }, { "db": "CNVD", "id": "CNVD-2014-02109" }, { "db": "JVNDB", "id": "JVNDB-2014-002340" }, { "db": "CNNVD", "id": "CNNVD-201404-616" }, { "db": "NVD", "id": "CVE-2014-0786" } ] }, "description": { "_id": null, "data": "Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the \"guest\" user. The issue lies in the ability the retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. 
\nVersions prior to IntegraXor 4.1.4393 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0786" }, { "db": "JVNDB", "id": "JVNDB-2014-002340" }, { "db": "ZDI", "id": "ZDI-14-369" }, { "db": "ZDI", "id": "ZDI-14-117" }, { "db": "CNVD", "id": "CNVD-2014-02109" }, { "db": "BID", "id": "69776" }, { "db": "BID", "id": "66554" }, { "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d" } ], "trust": 4.14 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0786", "trust": 5.2 }, { "db": "ICS CERT", "id": "ICSA-14-091-01", "trust": 2.4 }, { "db": "BID", "id": "66554", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-02109", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201404-616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002340", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2310", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-369", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2041", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-117", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-14-224-01", "trust": 0.3 }, { "db": "BID", "id": "69776", "trust": 0.3 }, { "db": "IVD", "id": "06E54BAC-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-369" }, { "db": "ZDI", "id": "ZDI-14-117" }, { "db": "CNVD", "id": "CNVD-2014-02109" }, { "db": "BID", "id": "69776" }, { "db": "BID", "id": "66554" }, { "db": "JVNDB", "id": "JVNDB-2014-002340" }, { "db": "CNNVD", "id": "CNNVD-201404-616" }, { "db": "NVD", "id": "CVE-2014-0786" } ] }, "id": "VAR-201405-0459", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02109" } ], "trust": 1.0713851600000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", 
"id": "CNVD-2014-02109" } ] }, "last_update_date": "2024-11-23T21:55:20.755000Z", "patch": { "_id": null, "data": [ { "title": "Account Information Disclosure Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "title": "Ecava has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" }, { "title": "Ecava has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" }, { "title": "Ecava IntegraXor Account Information Disclosure Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44617" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-369" }, { "db": "ZDI", "id": "ZDI-14-117" }, { "db": "CNVD", "id": "CNVD-2014-02109" }, { "db": "JVNDB", "id": "JVNDB-2014-002340" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-310", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002340" }, { "db": "NVD", "id": "CVE-2014-0786" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-091-01" }, { "trust": 1.6, "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0786" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0786" }, { "trust": 0.6, "url": "http://www.integraxor.com/blog/account-information-disclosure-vulnerability-note/" }, { "trust": 0.6, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-369" }, { "db": "ZDI", "id": "ZDI-14-117" }, { "db": "CNVD", "id": "CNVD-2014-02109" }, { "db": "BID", "id": "69776" }, { "db": "BID", "id": "66554" }, { "db": "JVNDB", "id": "JVNDB-2014-002340" }, { 
"db": "CNNVD", "id": "CNNVD-201404-616" }, { "db": "NVD", "id": "CVE-2014-0786" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-369", "ident": null }, { "db": "ZDI", "id": "ZDI-14-117", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02109", "ident": null }, { "db": "BID", "id": "69776", "ident": null }, { "db": "BID", "id": "66554", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-002340", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-616", "ident": null }, { "db": "NVD", "id": "CVE-2014-0786", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-03T00:00:00", "db": "IVD", "id": "06e54bac-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-10-24T00:00:00", "db": "ZDI", "id": "ZDI-14-369", "ident": null }, { "date": "2014-05-02T00:00:00", "db": "ZDI", "id": "ZDI-14-117", "ident": null }, { "date": "2014-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2014-02109", "ident": null }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69776", "ident": null }, { "date": "2014-04-01T00:00:00", "db": "BID", "id": "66554", "ident": null }, { "date": "2014-05-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002340", "ident": null }, { "date": "2014-04-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-616", "ident": null }, { "date": "2014-05-01T01:56:10.490000", "db": "NVD", "id": "CVE-2014-0786", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-10-24T00:00:00", "db": "ZDI", "id": "ZDI-14-369", "ident": null }, { "date": "2014-05-02T00:00:00", "db": "ZDI", "id": "ZDI-14-117", "ident": null }, { "date": "2014-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2014-02109", "ident": null }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69776", "ident": null }, { "date": "2014-10-29T00:59:00", "db": "BID", "id": "66554", "ident": null }, { "date": "2014-05-02T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2014-002340", "ident": null }, { "date": "2014-05-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-616", "ident": null }, { "date": "2024-11-21T02:02:48.120000", "db": "NVD", "id": "CVE-2014-0786", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-616" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-14-369" }, { "db": "ZDI", "id": "ZDI-14-117" } ], "trust": 1.4 }, "type": { "_id": null, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-616" } ], "trust": 0.6 } }
var-201409-0184
Vulnerability from variot
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. An SQL injection vulnerability exists in the Ecava IntegraXor SCADA server. An arbitrary third party may be able to execute SQL commands. IntegraXor is based on web technology, and the IntegraXor server is a standard web server extended to meet HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application, or to access or modify data.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0184", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4392" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "lte", "trust": 0.8, "vendor": 
"ecava", "version": "beta 4.1.4392" }, { "model": "integraxor", "scope": "lte", "trust": 0.8, "vendor": "ecava", "version": "stable 4.1.4360" }, { "model": "integraxor scada server", "scope": "lte", "trust": 0.6, "vendor": "ecava", "version": "\u003c=4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4392" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "*" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4392" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4360" } ], "sources": [ { "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05987" }, { "db": "BID", "id": "69772" }, { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "CNNVD", "id": "CNNVD-201409-517" }, { "db": "NVD", "id": "CVE-2014-2376" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004166" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alain Homewood", "sources": [ { "db": "BID", "id": "69772" } ], "trust": 0.3 }, "cve": "CVE-2014-2376", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2376", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05987", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "28f66f5a-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2376", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-2376", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-05987", "trust": 0.6, 
"value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-517", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05987" }, { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "CNNVD", "id": "CNNVD-201409-517" }, { "db": "NVD", "id": "CVE-2014-2376" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. A SQL injection vulnerability exists in the Ecava IntegraXor SCADA server. A third party may be able to execute arbitrary SQL commands. IntegraXor is based on web technology, and the IntegraXor server is in effect a standard web server extended to meet HMI/SCADA requirements. 
An attacker could exploit this vulnerability to control an application, access or modify data", "sources": [ { "db": "NVD", "id": "CVE-2014-2376" }, { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "CNVD", "id": "CNVD-2014-05987" }, { "db": "BID", "id": "69772" }, { "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2376", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-14-224-01", "trust": 2.7 }, { "db": "BID", "id": "69772", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05987", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201409-517", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004166", "trust": 0.8 }, { "db": "IVD", "id": "28F66F5A-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05987" }, { "db": "BID", "id": "69772" }, { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "CNNVD", "id": "CNNVD-201409-517" }, { "db": "NVD", "id": "CVE-2014-2376" } ] }, "id": "VAR-201409-0184", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05987" } ], "trust": 1.0713851600000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": 
"28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05987" } ] }, "last_update_date": "2024-11-23T21:55:20.645000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Ecava Integraxor SCADA Server SQL Injection Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/50104" }, { "title": "igsetup-4.2.4470", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51664" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05987" }, { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "CNNVD", "id": "CNNVD-201409-517" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "NVD", "id": "CVE-2014-2376" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2376" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2376" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/69772" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05987" }, { "db": "BID", "id": "69772" }, { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "CNNVD", "id": 
"CNNVD-201409-517" }, { "db": "NVD", "id": "CVE-2014-2376" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05987" }, { "db": "BID", "id": "69772" }, { "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "db": "CNNVD", "id": "CNNVD-201409-517" }, { "db": "NVD", "id": "CVE-2014-2376" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-18T00:00:00", "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-09-18T00:00:00", "db": "CNVD", "id": "CNVD-2014-05987" }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69772" }, { "date": "2014-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "date": "2014-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-517" }, { "date": "2014-09-15T14:55:11.150000", "db": "NVD", "id": "CVE-2014-2376" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-18T00:00:00", "db": "CNVD", "id": "CNVD-2014-05987" }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69772" }, { "date": "2014-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004166" }, { "date": "2014-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-517" }, { "date": "2024-11-21T02:06:10.400000", "db": "NVD", "id": "CVE-2014-2376" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-517" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in Ecava IntegraXor SCADA Server", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004166" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "28f66f5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-517" } ], "trust": 0.8 } }
var-202203-2047
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2047", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-492" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-492" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "ZDI-22-492", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-492", "trust": 0.7, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-492" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-492" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14446", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-492", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-492" } ] }, "id": "VAR-202203-2047", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T02:07:55.335000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-492" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-492" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-492" } ] }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-492" } ], "trust": 0.7 } }
var-201604-0070
Vulnerability from variot
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor is a web-based tool by Ecava of Malaysia for creating and running HMIs (human-machine interfaces) for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities: 1. A clear-text transmission of sensitive information vulnerability 2. A cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0070", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "model": "integraxor build", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "5.04522" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "db": "CNNVD", "id": "CNNVD-201604-322" }, { "db": "NVD", "id": "CVE-2016-2301" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002346" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-322" } ], "trust": 0.6 }, "cve": "CVE-2016-2301", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2016-2301", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2016-02397", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "f20a055e-8897-11e7-a432-000c2975a0fc", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": 
"CVE-2016-2301", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-2301", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-2301", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-02397", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201604-322", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "db": "CNNVD", "id": "CNNVD-201604-322" }, { "db": "NVD", "id": "CVE-2016-2301" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor is a web-based tool for Ecava Malaysia to create and run HMI interfaces (human machine interfaces) for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. 
Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions", "sources": [ { "db": "NVD", "id": "CVE-2016-2301" }, { "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "BID", "id": "86088" }, { "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2301", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2016-02397", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201604-322", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2016-002346", "trust": 0.8 }, { "db": "BID", "id": "86088", "trust": 0.3 }, { "db": "IVD", "id": "F20A055E-8897-11E7-A432-000C2975A0FC", "trust": 0.2 }, { "db": "IVD", "id": "58B1F1E8-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "db": "CNNVD", "id": "CNNVD-201604-322" }, { "db": "NVD", "id": "CVE-2016-2301" } ] }, "id": "VAR-201604-0070", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": 
"f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02397" } ], "trust": 1.27383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02397" } ] }, "last_update_date": "2024-11-23T21:43:13.282000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Ecava IntegraXor SQL Injection Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74422" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "JVNDB", "id": "JVNDB-2016-002346" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "db": "NVD", "id": "CVE-2016-2301" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 0.8, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2301" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2301" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "db": "CNNVD", "id": "CNNVD-201604-322" }, { "db": "NVD", "id": "CVE-2016-2301" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "db": "CNNVD", "id": "CNNVD-201604-322" }, { "db": "NVD", "id": "CVE-2016-2301" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-20T00:00:00", "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "date": "2016-04-20T00:00:00", "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-04-20T00:00:00", "db": "CNVD", "id": "CNVD-2016-02397" }, { "date": "2016-04-14T00:00:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "date": "2016-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-322" }, { "date": "2016-04-22T00:59:02.637000", "db": "NVD", "id": "CVE-2016-2301" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-20T00:00:00", "db": "CNVD", "id": "CNVD-2016-02397" }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002346" }, { "date": 
"2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-322" }, { "date": "2024-11-21T02:48:11.127000", "db": "NVD", "id": "CVE-2016-2301" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-322" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor SQL Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2016-02397" }, { "db": "CNNVD", "id": "CNNVD-201604-322" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "f20a055e-8897-11e7-a432-000c2975a0fc" }, { "db": "IVD", "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201604-322" } ], "trust": 1.0 } }
var-201302-0027
Vulnerability from variot
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. Ecava IntegraXor is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
TITLE: IntegraXor ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA52073
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52073
RELEASE DATE: 2013-02-06
DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 4.00 build 4250.0 and prior.
SOLUTION: Update to version 4.00 build 4280.0.
PROVIDED AND/OR DISCOVERED BY: Andrew Brooks
ORIGINAL ADVISORY: ICS-CERT: http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201302-0027", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.72" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.71" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.00" }, { "model": 
"integraxor", "scope": "lte", "trust": 0.8, "vendor": "ecava", "version": "scada server 4.00 build 4250.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.00" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.00.4250" }, { "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "4.00.4280" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.71" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.72" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "db": "BID", "id": "57767" }, { "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "db": "CNNVD", "id": "CNNVD-201302-128" }, { "db": "NVD", "id": "CVE-2012-4700" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001446" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Andrew Brooks", "sources": [ { "db": "BID", "id": "57767" } ], "trust": 0.3 }, "cve": "CVE-2012-4700", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2012-4700", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-4700", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-4700", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201302-128", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "db": "CNNVD", "id": "CNNVD-201302-128" }, { "db": "NVD", "id": "CVE-2012-4700" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. Ecava IntegraXor is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA52073\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52073/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073\n\nRELEASE DATE:\n2013-02-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52073/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52073/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. 
\n\nThe vulnerability is reported in version 4.00 build 4250.0 and prior. \n\nSOLUTION:\nUpdate to version 4.00 build 4280.0. \n\nPROVIDED AND/OR DISCOVERED BY:\nAndrew Brooks\n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-4700" }, { "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "db": "BID", "id": "57767" }, { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "120110" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-4700", "trust": 2.9 }, { "db": "ICS CERT", "id": "ICSA-13-036-02", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201302-128", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001446", "trust": 0.8 }, { "db": "SECUNIA", "id": "52073", "trust": 0.8 }, { "db": "BID", "id": "57767", "trust": 0.3 }, { "db": "IVD", "id": "1AA8E3F0-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "120110", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "db": "BID", "id": "57767" }, { "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "db": "PACKETSTORM", "id": "120110" }, { "db": "CNNVD", "id": "CNNVD-201302-128" }, { "db": "NVD", "id": "CVE-2012-4700" } ] }, "id": "VAR-201302-0027", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" } ], "trust": 0.47383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" } ] }, "last_update_date": "2024-11-23T22:59:47.900000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Issue for ActiveX enabled browser Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001446" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "db": "NVD", "id": "CVE-2012-4700" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://ics-cert.us-cert.gov/pdf/icsa-13-036-02.pdf" }, { "trust": 1.9, "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4700" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4700" }, { "trust": 0.6, "url": "http://secunia.com/advisories/52073" }, { "trust": 0.3, "url": "http://www.ecava.com/index.htm" }, { "trust": 0.1, "url": "http://secunia.com/advisories/52073/#comments" }, { "trust": 0.1, "url": 
"http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/52073/" } ], "sources": [ { "db": "BID", "id": "57767" }, { "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "db": "PACKETSTORM", "id": "120110" }, { "db": "CNNVD", "id": "CNNVD-201302-128" }, { "db": "NVD", "id": "CVE-2012-4700" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "db": "BID", "id": "57767" }, { "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "db": "PACKETSTORM", "id": "120110" }, { "db": "CNNVD", "id": "CNNVD-201302-128" }, { "db": "NVD", "id": "CVE-2012-4700" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-02-18T00:00:00", "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-02-05T00:00:00", "db": "BID", "id": "57767" }, { "date": "2013-02-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "date": "2013-02-07T07:09:34", "db": "PACKETSTORM", "id": "120110" }, { "date": "2013-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201302-128" }, { "date": "2013-02-08T05:50:40.767000", "db": "NVD", "id": "CVE-2012-4700" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-02-05T00:00:00", "db": "BID", "id": "57767" }, { "date": "2013-02-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001446" }, { "date": "2013-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201302-128" }, { "date": "2024-11-21T01:43:22.777000", "db": "NVD", "id": "CVE-2012-4700" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201302-128" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IntegraXor ActiveX Control Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201302-128" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201302-128" } ], "trust": 0.8 } }
var-201604-0073
Vulnerability from variot
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Reading the cookie from script presupposes a script-injection flaw, such as the cross-site scripting issue in the list below. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A remote attacker can exploit the vulnerability to steal cookies and log in as an administrator. Ecava IntegraXor is prone to the following security vulnerabilities: 1. A clear-text transmission of sensitive information vulnerability. 2. A cross-site scripting vulnerability. 3. Multiple security bypass vulnerabilities. 4. An authorization bypass vulnerability. 5. An information disclosure vulnerability. 6. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0073", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "model": "integraxor build", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "5.04522" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02341" }, { "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "db": "CNNVD", "id": "CNNVD-201604-318" }, { "db": "NVD", "id": "CVE-2016-2304" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002362" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-318" } ], "trust": 0.6 }, "cve": "CVE-2016-2304", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2016-2304", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2016-02341", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "58b0282c-2351-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2016-2304", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-2304", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-2304", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-02341", "trust": 0.6, "value": "HIGH" }, 
{ "author": "CNNVD", "id": "CNNVD-201604-318", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02341" }, { "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "db": "CNNVD", "id": "CNNVD-201604-318" }, { "db": "NVD", "id": "CVE-2016-2304" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A remote attacker can exploit the vulnerability to steal cookies and log in as an administrator. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. 
Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions", "sources": [ { "db": "NVD", "id": "CVE-2016-2304" }, { "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "db": "CNVD", "id": "CNVD-2016-02341" }, { "db": "BID", "id": "86088" }, { "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2304", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2016-02341", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-318", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002362", "trust": 0.8 }, { "db": "BID", "id": "86088", "trust": 0.3 }, { "db": "IVD", "id": "58B0282C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02341" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "db": "CNNVD", "id": "CNNVD-201604-318" }, { "db": "NVD", "id": "CVE-2016-2304" } ] }, "id": "VAR-201604-0073", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02341" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02341" } ] }, "last_update_date": "2024-11-23T21:43:13.238000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/blog/?utm_expid=85936669-18.g6a4ksnoTkmqs1O7Qp5nNg.1\u0026utm_referrer=http%3A%2F%2Fjvndb.jvn.jp%2Fja%2Fcontents%2F2016%2FJVNDB-2016-002350.html" }, { "title": "Patch for Ecava IntegraXor Information Disclosure Vulnerability (CNVD-2016-02341)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74344" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02341" }, { "db": "JVNDB", "id": "JVNDB-2016-002362" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "db": "NVD", "id": "CVE-2016-2304" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2304" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2304" }, { "trust": 0.3, "url": "http://www.integraxor.com/" 
} ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02341" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "db": "CNNVD", "id": "CNNVD-201604-318" }, { "db": "NVD", "id": "CVE-2016-2304" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02341" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "db": "CNNVD", "id": "CNNVD-201604-318" }, { "db": "NVD", "id": "CVE-2016-2304" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "IVD", "id": "58b0282c-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02341" }, { "date": "2016-04-14T00:00:00", "db": "BID", "id": "86088" }, { "date": "2016-05-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "date": "2016-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-318" }, { "date": "2016-04-22T00:59:05.447000", "db": "NVD", "id": "CVE-2016-2304" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02341" }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86088" }, { "date": "2016-05-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002362" }, { "date": "2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-318" }, { "date": "2024-11-21T02:48:11.443000", "db": "NVD", "id": "CVE-2016-2304" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-201604-318" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Vulnerability in which important information is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002362" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-318" } ], "trust": 0.6 } }
var-201604-0074
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. This entry, CVE-2016-2305 (CWE-79), tracks only the cross-site scripting issue in the list that follows. Ecava IntegraXor is prone to the following security vulnerabilities: 1. A clear-text transmission of sensitive information vulnerability; 2. A cross-site scripting vulnerability; 3. Multiple security bypass vulnerabilities; 4. An authorization bypass vulnerability; 5. An information disclosure vulnerability; 6. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0074", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "model": "integraxor build", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "5.04522" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02333" }, { "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "db": "CNNVD", "id": "CNNVD-201604-317" }, { "db": "NVD", "id": "CVE-2016-2305" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002349" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-317" } ], "trust": 0.6 }, "cve": "CVE-2016-2305", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2016-2305", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2016-02333", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "58b0b288-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2016-2305", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-2305", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-2305", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-02333", "trust": 0.6, "value": "MEDIUM" }, 
{ "author": "CNNVD", "id": "CNNVD-201604-317", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02333" }, { "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "db": "CNNVD", "id": "CNNVD-201604-317" }, { "db": "NVD", "id": "CVE-2016-2305" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. 
Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions", "sources": [ { "db": "NVD", "id": "CVE-2016-2305" }, { "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "db": "CNVD", "id": "CNVD-2016-02333" }, { "db": "BID", "id": "86088" }, { "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2305", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2016-02333", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-317", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002349", "trust": 0.8 }, { "db": "BID", "id": "86088", "trust": 0.3 }, { "db": "IVD", "id": "58B0B288-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02333" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "db": "CNNVD", "id": "CNNVD-201604-317" }, { "db": "NVD", "id": "CVE-2016-2305" } ] }, "id": "VAR-201604-0074", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02333" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02333" } ] }, "last_update_date": "2024-11-23T21:43:13.541000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Patch for Ecava IntegraXor Cross-Site Scripting Vulnerability (CNVD-2016-02333)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74342" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02333" }, { "db": "JVNDB", "id": "JVNDB-2016-002349" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "db": "NVD", "id": "CVE-2016-2305" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2305" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2305" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02333" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "db": 
"CNNVD", "id": "CNNVD-201604-317" }, { "db": "NVD", "id": "CVE-2016-2305" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02333" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "db": "CNNVD", "id": "CNNVD-201604-317" }, { "db": "NVD", "id": "CVE-2016-2305" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "IVD", "id": "58b0b288-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02333" }, { "date": "2016-04-14T00:00:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "date": "2016-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-317" }, { "date": "2016-04-22T00:59:06.433000", "db": "NVD", "id": "CVE-2016-2305" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02333" }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002349" }, { "date": "2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-317" }, { "date": "2024-11-21T02:48:11.553000", "db": "NVD", "id": "CVE-2016-2305" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-317" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002349" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-317" } ], "trust": 0.6 } }
var-201504-0076
Vulnerability from variot
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html). A local user may gain privileges through a renamed DLL in the default installation directory. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server versions prior to 4.2.4488 have a security vulnerability in the handling of renamed malicious DLLs: if an attacker places an unsafe DLL in the default installation location, malicious code can be executed in the affected application. Ecava IntegraXor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. A local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0076", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4450" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "4.2.4488" }, { "model": "integraxor scada server", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "4.2.4488" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4450" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4392" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor scada server", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "4.2.4488" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-02165" }, { "db": "BID", "id": "73472" }, { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "CNNVD", "id": "CNNVD-201504-051" }, { "db": "NVD", "id": "CVE-2015-0990" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002079" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Praveen Darshanam", "sources": [ { "db": "BID", "id": "73472" } ], "trust": 0.3 }, "cve": "CVE-2015-0990", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2015-0990", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2015-02165", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "98f81d5e-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-0990", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-0990", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2015-02165", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201504-051", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULMON", "id": 
"CVE-2015-0990", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-02165" }, { "db": "VULMON", "id": "CVE-2015-0990" }, { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "CNNVD", "id": "CNNVD-201504-051" }, { "db": "NVD", "id": "CVE-2015-0990" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. \nA local attacker can leverage these issues to execute arbitrary code with application privileges. 
Failed attempts may lead to denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2015-0990" }, { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "CNVD", "id": "CNVD-2015-02165" }, { "db": "BID", "id": "73472" }, { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2015-0990" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0990", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-15-090-02", "trust": 2.8 }, { "db": "CNVD", "id": "CNVD-2015-02165", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201504-051", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-002079", "trust": 0.8 }, { "db": "BID", "id": "73472", "trust": 0.4 }, { "db": "IVD", "id": "98F81D5E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2015-0990", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-02165" }, { "db": "VULMON", "id": "CVE-2015-0990" }, { "db": "BID", "id": "73472" }, { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "CNNVD", "id": "CNNVD-201504-051" }, { "db": "NVD", "id": "CVE-2015-0990" } ] }, "id": "VAR-201504-0076", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-02165" } ], "trust": 1.0713851600000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-02165" } ] }, "last_update_date": "2024-11-23T22:56:25.938000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "igsetup-4.2.4488.msi", "trust": 0.8, "url": "http://www.integraxor.com/download/rc.msi?4.2.4488" }, { "title": "Patch for Ecava IntegraXor DLL Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/56916" }, { "title": "igsetup-4.2.4488", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54805" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-02165" }, { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "CNNVD", "id": "CNNVD-201504-051" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "NVD", "id": "CVE-2015-0990" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0990" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0990" }, { "trust": 0.6, "url": 
"http://www.integraxor.com/download/rc.msi?4.2.4488" }, { "trust": 0.3, "url": "http://www.integraxor.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/73472" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-02165" }, { "db": "VULMON", "id": "CVE-2015-0990" }, { "db": "BID", "id": "73472" }, { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "CNNVD", "id": "CNNVD-201504-051" }, { "db": "NVD", "id": "CVE-2015-0990" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-02165" }, { "db": "VULMON", "id": "CVE-2015-0990" }, { "db": "BID", "id": "73472" }, { "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "db": "CNNVD", "id": "CNNVD-201504-051" }, { "db": "NVD", "id": "CVE-2015-0990" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-03T00:00:00", "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "date": "2015-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2015-02165" }, { "date": "2015-04-03T00:00:00", "db": "VULMON", "id": "CVE-2015-0990" }, { "date": "2015-03-31T00:00:00", "db": "BID", "id": "73472" }, { "date": "2015-04-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "date": "2015-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-051" }, { "date": "2015-04-03T10:59:12.227000", "db": "NVD", "id": "CVE-2015-0990" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-03T00:00:00", "db": "CNVD", "id": 
"CNVD-2015-02165" }, { "date": "2015-04-03T00:00:00", "db": "VULMON", "id": "CVE-2015-0990" }, { "date": "2015-03-31T00:00:00", "db": "BID", "id": "73472" }, { "date": "2015-04-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002079" }, { "date": "2015-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-051" }, { "date": "2024-11-21T02:24:05.640000", "db": "NVD", "id": "CVE-2015-0990" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "73472" }, { "db": "CNNVD", "id": "CNNVD-201504-051" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor SCADA Server Vulnerability gained in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002079" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "IVD", "id": "98f81d5e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201504-051" } ], "trust": 0.8 } }
var-201401-0366
Vulnerability from variot
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Ecava IntegraXor is a human-machine interface product that uses HTML and SVG. Ecava IntegraXor has a sensitive information disclosure vulnerability that allows an attacker to obtain project directory information. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions of IntegraXor prior to 4.1.4369 are vulnerable.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0366", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 1.9, "vendor": "ecava", "version": "3.71.4200" }, { "model": "integraxor", "scope": "eq", "trust": 1.9, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": "integraxor", "scope": "eq", "trust": 1.9, "vendor": 
"ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "eq", "trust": 1.9, "vendor": "ecava", "version": "3.5.3900.10" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.00" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.72" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.71" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.60.4061" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "4.1" }, { "model": "integraxor", "scope": "eq", "trust": 1.2, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "4.1.4369" }, { "model": "integraxor", "scope": null, "trust": 0.6, "vendor": "ecava", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "3.5.3900.5" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "3.5.3900.10" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "3.6.4000.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "3.60.4061" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "3.71" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "3.71.4200" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "3.72" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "4.00" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "4.1" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "*" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": 
"ecava", "version": "3.60.4050" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4032" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.4000.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5" } ], "sources": [ { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" }, { "db": "BID", "id": "64351" }, { "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "db": "CNNVD", "id": "CNNVD-201312-342" }, { "db": "NVD", "id": "CVE-2014-0752" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001027" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alphazorx aka technically.screwed", "sources": [ { "db": "BID", "id": "64351" }, { "db": "CNNVD", "id": "CNNVD-201312-342" } ], "trust": 0.9 }, "cve": "CVE-2014-0752", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0752", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2013-15287", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-00197", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "76051468-1ef7-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", 
"version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "524f1eec-2352-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0752", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0752", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2013-15287", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-00197", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201312-342", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" }, { "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "db": "CNNVD", "id": "CNNVD-201312-342" }, { "db": "NVD", "id": "CVE-2014-0752" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Ecava IntegraXor is a human interface product that uses HTML and SVG. 
Ecava IntegraXor has a sensitive information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain project directory information. Ecava IntegraXor is prone to an information-disclosure vulnerability. \nVersions prior to IntegraXor 4.1.4369 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0752" }, { "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" }, { "db": "BID", "id": "64351" }, { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0752", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-14-008-01", "trust": 3.0 }, { "db": "BID", "id": "64351", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-201312-342", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2013-15287", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2014-00197", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-001027", "trust": 0.8 }, { "db": "IVD", "id": "76051468-1EF7-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "524F1EEC-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" }, { "db": "BID", "id": "64351" }, { "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "db": "CNNVD", "id": "CNNVD-201312-342" }, { "db": "NVD", "id": "CVE-2014-0752" } ] }, "id": "VAR-201401-0366", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" } ], "trust": 1.87383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.6 } ], "sources": [ { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" } ] }, "last_update_date": "2024-11-23T23:02:50.430000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.ecava.com/" }, { "title": "Security Issue for Project Directory Information Disclosure Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "title": "Ecava IntegraXor SCADA server any project backup file read vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/42265" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00197" }, { "db": "JVNDB", "id": "JVNDB-2014-001027" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "db": "NVD", "id": 
"CVE-2014-0752" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-008-01" }, { "trust": 1.6, "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/64351" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0752" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0752" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" }, { "db": "BID", "id": "64351" }, { "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "db": "CNNVD", "id": "CNNVD-201312-342" }, { "db": "NVD", "id": "CVE-2014-0752" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "CNVD", "id": "CNVD-2014-00197" }, { "db": "BID", "id": "64351" }, { "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "db": "CNNVD", "id": "CNNVD-201312-342" }, { "db": "NVD", "id": "CVE-2014-0752" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-18T00:00:00", "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "date": "2014-01-13T00:00:00", "db": "IVD", "id": "524f1eec-2352-11e6-abef-000c29c66e3d" }, { "date": "2013-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2013-15287" }, { "date": "2014-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2014-00197" }, { 
"date": "2013-12-15T00:00:00", "db": "BID", "id": "64351" }, { "date": "2014-01-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "date": "2013-12-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201312-342" }, { "date": "2014-01-09T18:07:26.597000", "db": "NVD", "id": "CVE-2014-0752" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2013-15287" }, { "date": "2014-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2014-00197" }, { "date": "2014-01-09T13:21:00", "db": "BID", "id": "64351" }, { "date": "2014-01-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001027" }, { "date": "2014-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201312-342" }, { "date": "2024-11-21T02:02:44.710000", "db": "NVD", "id": "CVE-2014-0752" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201312-342" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Project Directory Information Disclosure Vulnerability", "sources": [ { "db": "IVD", "id": "76051468-1ef7-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-15287" }, { "db": "BID", "id": "64351" }, { "db": "CNNVD", "id": "CNNVD-201312-342" } ], "trust": 1.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201312-342" } ], "trust": 0.6 } }
var-201712-0123
Vulnerability from variot
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The identified SQL injection vulnerability generates an error in the database log. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter provided to the getdata page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. Ecava IntegraXor 6.1.1030.1 and prior versions are vulnerable. The sources in this record score the impact differently: the NVD, CNVD and IVD CVSS v2 vectors rate it as partial availability impact with no confidentiality impact (C:N/I:N/A:P), while the ZDI vector rates it as partial confidentiality impact (C:P/I:N/A:N), which matches the disclosure described above.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0123", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.8, "vendor": "ecava", "version": "6.1.1030.1" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "6.1.1030.1" }, { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": 
"ecava", "version": null }, { "model": "integraxor", "scope": "lte", "trust": 0.6, "vendor": "ecava", "version": "\u003c=6.1.1030.1" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "6.0.522.1" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-1000" }, { "db": "CNVD", "id": "CNVD-2017-37693" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "CNNVD", "id": "CNNVD-201712-745" }, { "db": "NVD", "id": "CVE-2017-16735" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011531" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley of Source Incite Michael DePlante and Brad Taylor", "sources": [ { "db": "ZDI", "id": "ZDI-17-1000" } ], "trust": 0.7 }, "cve": "CVE-2017-16735", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-16735", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-16735", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2017-37693", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", 
"severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-16735", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-16735", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-16735", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2017-16735", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-37693", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201712-745", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-1000" }, { "db": "CNVD", "id": "CNVD-2017-37693" }, { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "CNNVD", "id": "CNNVD-201712-745" }, { "db": "NVD", "id": "CVE-2017-16735" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter provided to the getdata page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. \nEcava IntegraXor 6.1.1030.1 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-16735" }, { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "ZDI", "id": "ZDI-17-1000" }, { "db": "CNVD", "id": "CNVD-2017-37693" }, { "db": "BID", "id": "102223" }, { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-16735", "trust": 4.2 }, { "db": "ICS CERT", "id": "ICSA-17-353-03", "trust": 2.7 }, { "db": "BID", "id": "102223", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-37693", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201712-745", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-011531", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5386", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-1000", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-17-353-04", "trust": 0.6 }, { "db": "IVD", "id": "E2DFA810-39AB-11E9-84D4-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-1000" }, { "db": 
"CNVD", "id": "CNVD-2017-37693" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "CNNVD", "id": "CNNVD-201712-745" }, { "db": "NVD", "id": "CVE-2017-16735" } ] }, "id": "VAR-201712-0123", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-37693" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-37693" } ] }, "last_update_date": "2024-11-23T22:00:47.763000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.integraxor.com/" }, { "title": "Ecava has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" }, { "title": "Patch for Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37693)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/111295" }, { "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77237" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-1000" }, { "db": "CNVD", "id": "CNVD-2017-37693" }, { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "CNNVD", "id": 
"CNNVD-201712-745" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "NVD", "id": "CVE-2017-16735" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16735" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16735" }, { "trust": 0.6, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-04" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/102223" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-1000" }, { "db": "CNVD", "id": "CNVD-2017-37693" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "CNNVD", "id": "CNNVD-201712-745" }, { "db": "NVD", "id": "CVE-2017-16735" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-1000" }, { "db": "CNVD", "id": "CNVD-2017-37693" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "db": "CNNVD", "id": "CNNVD-201712-745" }, { "db": "NVD", "id": "CVE-2017-16735" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-21T00:00:00", "db": "IVD", "id": 
"e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "date": "2017-12-20T00:00:00", "db": "ZDI", "id": "ZDI-17-1000" }, { "date": "2017-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-37693" }, { "date": "2017-12-19T00:00:00", "db": "BID", "id": "102223" }, { "date": "2018-01-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "date": "2017-12-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-745" }, { "date": "2017-12-20T19:29:00.350000", "db": "NVD", "id": "CVE-2017-16735" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-20T00:00:00", "db": "ZDI", "id": "ZDI-17-1000" }, { "date": "2017-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-37693" }, { "date": "2017-12-19T00:00:00", "db": "BID", "id": "102223" }, { "date": "2018-01-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011531" }, { "date": "2017-12-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-745" }, { "date": "2024-11-21T03:16:52.473000", "db": "NVD", "id": "CVE-2017-16735" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201712-745" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011531" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1" }, { "db": "CNNVD", "id": 
"CNNVD-201712-745" } ], "trust": 0.8 } }
var-202203-2040
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files in the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2040", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-487" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-487" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "ZDI-22-487", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-487", "trust": 0.7, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-487" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-487" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14382", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-487", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-487" } ] }, "id": "VAR-202203-2040", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T01:55:41.684000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-487" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-487" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-487" } ] }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-487" } ], "trust": 0.7 } }
var-201604-0075
Vulnerability from variot
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An unencrypted-transport vulnerability exists in Ecava IntegraXor versions before 5.0 build 4522 because the HMI web server transmits data unencrypted. A remote attacker could exploit this vulnerability to gain full access to the affected system. Ecava IntegraXor is prone to the following security vulnerabilities: 1. A clear-text transmission of sensitive information vulnerability; 2. A cross-site scripting vulnerability; 3. Multiple security bypass vulnerabilities; 4. An authorization bypass vulnerability; 5. An information disclosure vulnerability; 6. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0075", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "model": "integraxor build", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "5.04522" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02332" }, { "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "db": "CNNVD", "id": "CNNVD-201604-316" }, { "db": "NVD", "id": "CVE-2016-2306" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002350" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-316" } ], "trust": 0.6 }, "cve": "CVE-2016-2306", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-2306", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-02332", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "58b13578-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-2306", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-2306", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-2306", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-02332", "trust": 0.6, "value": "MEDIUM" }, { 
"author": "CNNVD", "id": "CNNVD-201604-316", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02332" }, { "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "db": "CNNVD", "id": "CNNVD-201604-316" }, { "db": "NVD", "id": "CVE-2016-2306" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A transport unencrypted vulnerability exists in versions of Ecava IntegraXor 5.0 build prior to 4522 that originated from the HMI web server transmitting unencrypted data. A remote attacker could exploit this vulnerability to gain full access to the affected system. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. 
Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions", "sources": [ { "db": "NVD", "id": "CVE-2016-2306" }, { "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "db": "CNVD", "id": "CNVD-2016-02332" }, { "db": "BID", "id": "86088" }, { "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2306", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2016-02332", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-316", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002350", "trust": 0.8 }, { "db": "BID", "id": "86088", "trust": 0.3 }, { "db": "IVD", "id": "58B13578-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02332" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "db": "CNNVD", "id": "CNNVD-201604-316" }, { "db": "NVD", "id": "CVE-2016-2306" } ] }, "id": "VAR-201604-0075", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02332" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02332" } ] }, "last_update_date": "2024-11-23T21:43:13.389000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Ecava IntegraXor transmits patches for unencrypted vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74341" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02332" }, { "db": "JVNDB", "id": "JVNDB-2016-002350" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "db": "NVD", "id": "CVE-2016-2306" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2306" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2306" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02332" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "db": "CNNVD", 
"id": "CNNVD-201604-316" }, { "db": "NVD", "id": "CVE-2016-2306" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02332" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "db": "CNNVD", "id": "CNNVD-201604-316" }, { "db": "NVD", "id": "CVE-2016-2306" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "IVD", "id": "58b13578-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02332" }, { "date": "2016-04-14T00:00:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "date": "2016-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-316" }, { "date": "2016-04-22T00:59:07.447000", "db": "NVD", "id": "CVE-2016-2306" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02332" }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002350" }, { "date": "2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-316" }, { "date": "2024-11-21T02:48:11.660000", "db": "NVD", "id": "CVE-2016-2306" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-316" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor of HMI Web Vulnerability in server that can retrieve important plaintext information", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002350" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-316" } ], "trust": 0.6 } }
var-201604-0068
Vulnerability from variot
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary_opt report requests. The vulnerability is caused by the lack of input validation before using remotely supplied strings to construct SQL queries. By sending a specially crafted request to a vulnerable system, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor failed to perform input validation. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "integraxor", "scope": null, "trust": 4.1, "vendor": "ecava", "version": null }, { "_id": null, "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "_id": null, "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.71.4200" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4050" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4032" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.0" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.4000.5" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.3900.5" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.3900.10" }, { "_id": null, "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-240" }, { "db": "ZDI", "id": "ZDI-16-236" }, { "db": "ZDI", "id": "ZDI-16-239" }, { "db": "ZDI", "id": "ZDI-16-237" }, { "db": "ZDI", "id": "ZDI-16-238" 
}, { "db": "CNVD", "id": "CNVD-2016-02275" }, { "db": "BID", "id": "86026" }, { "db": "JVNDB", "id": "JVNDB-2016-002344" }, { "db": "CNNVD", "id": "CNNVD-201604-256" }, { "db": "NVD", "id": "CVE-2016-2299" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002344" } ] }, "credits": { "_id": null, "data": "Steven Seeley of Source Incite", "sources": [ { "db": "ZDI", "id": "ZDI-16-240" }, { "db": "ZDI", "id": "ZDI-16-239" }, { "db": "ZDI", "id": "ZDI-16-238" }, { "db": "BID", "id": "86026" }, { "db": "CNNVD", "id": "CNNVD-201604-256" } ], "trust": 3.0 }, "cve": "CVE-2016-2299", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2016-2299", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 5.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-02275", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "58b5aa68-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2016-2299", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-2299", "trust": 3.5, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2016-2299", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-2299", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-02275", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201604-256", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-2299", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-240" }, { "db": "ZDI", "id": "ZDI-16-236" }, { "db": "ZDI", "id": "ZDI-16-239" }, { "db": "ZDI", "id": "ZDI-16-237" }, { "db": "ZDI", "id": "ZDI-16-238" }, { "db": "CNVD", "id": "CNVD-2016-02275" }, { "db": "VULMON", "id": "CVE-2016-2299" }, { "db": "JVNDB", "id": "JVNDB-2016-002344" }, { "db": "CNNVD", "id": "CNNVD-201604-256" }, { "db": "NVD", "id": "CVE-2016-2299" } ] }, "description": { "_id": null, "data": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists in the handling of summary_opt report requests. 
The vulnerability is caused by the lack of input validation before using remotely supplied strings to construct SQL queries. By sending a specially crafted request to a vulnerable system, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor failed to perform input validation. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database", "sources": [ { "db": "NVD", "id": "CVE-2016-2299" }, { "db": "JVNDB", "id": "JVNDB-2016-002344" }, { "db": "ZDI", "id": "ZDI-16-240" }, { "db": "ZDI", "id": "ZDI-16-236" }, { "db": "ZDI", "id": "ZDI-16-239" }, { "db": "ZDI", "id": "ZDI-16-237" }, { "db": "ZDI", "id": "ZDI-16-238" }, { "db": "CNVD", "id": "CNVD-2016-02275" }, { "db": "BID", "id": "86026" }, { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2016-2299" } ], "trust": 5.85 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-2299", "trust": 7.1 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-16-240", "trust": 2.1 }, { "db": "ZDI", "id": "ZDI-16-236", "trust": 2.1 }, { "db": "ZDI", "id": "ZDI-16-239", "trust": 2.1 }, { "db": "ZDI", "id": "ZDI-16-237", "trust": 2.1 }, { "db": "ZDI", "id": "ZDI-16-238", "trust": 2.1 }, { "db": "CNVD", "id": "CNVD-2016-02275", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-256", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002344", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3322", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3325", "trust": 0.7 }, { "db": "ZDI_CAN", "id": 
"ZDI-CAN-3321", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3326", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3320", "trust": 0.7 }, { "db": "BID", "id": "86026", "trust": 0.3 }, { "db": "IVD", "id": "58B5AA68-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2016-2299", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-240" }, { "db": "ZDI", "id": "ZDI-16-236" }, { "db": "ZDI", "id": "ZDI-16-239" }, { "db": "ZDI", "id": "ZDI-16-237" }, { "db": "ZDI", "id": "ZDI-16-238" }, { "db": "CNVD", "id": "CNVD-2016-02275" }, { "db": "VULMON", "id": "CVE-2016-2299" }, { "db": "BID", "id": "86026" }, { "db": "JVNDB", "id": "JVNDB-2016-002344" }, { "db": "CNNVD", "id": "CNNVD-201604-256" }, { "db": "NVD", "id": "CVE-2016-2299" } ] }, "id": "VAR-201604-0068", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02275" } ], "trust": 1.07383092 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02275" } ] }, "last_update_date": "2024-11-23T21:43:13.326000Z", "patch": { "_id": null, "data": [ { "title": "Ecava has produced a new release that addresses the reported vulnerabilities, as well as some identified security risks, in Version 5.0, build 4522. 
and https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "trust": 3.5, "url": "http://www.integraxor.com/download/beta.msi?5.0.4522.2" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com" }, { "title": "Patch for Ecava IntegraXor Remote Code Execution Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74223" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-240" }, { "db": "ZDI", "id": "ZDI-16-236" }, { "db": "ZDI", "id": "ZDI-16-239" }, { "db": "ZDI", "id": "ZDI-16-237" }, { "db": "ZDI", "id": "ZDI-16-238" }, { "db": "CNVD", "id": "CNVD-2016-02275" }, { "db": "JVNDB", "id": "JVNDB-2016-002344" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002344" }, { "db": "NVD", "id": "CVE-2016-2299" } ] }, "references": { "_id": null, "data": [ { "trust": 6.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 4.1, "url": "http://www.integraxor.com/download/beta.msi?5.0.4522.2" }, { "trust": 1.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-238" }, { "trust": 1.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-237" }, { "trust": 1.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-239" }, { "trust": 1.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-240" }, { "trust": 1.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-236" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2299" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2299" }, { "trust": 0.3, "url": "http://ecava.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/89.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-240" }, { "db": "ZDI", "id": "ZDI-16-236" }, { "db": "ZDI", "id": "ZDI-16-239" }, { "db": "ZDI", "id": "ZDI-16-237" }, { "db": "ZDI", 
"id": "ZDI-16-238" }, { "db": "CNVD", "id": "CNVD-2016-02275" }, { "db": "VULMON", "id": "CVE-2016-2299" }, { "db": "BID", "id": "86026" }, { "db": "JVNDB", "id": "JVNDB-2016-002344" }, { "db": "CNNVD", "id": "CNNVD-201604-256" }, { "db": "NVD", "id": "CVE-2016-2299" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-16-240", "ident": null }, { "db": "ZDI", "id": "ZDI-16-236", "ident": null }, { "db": "ZDI", "id": "ZDI-16-239", "ident": null }, { "db": "ZDI", "id": "ZDI-16-237", "ident": null }, { "db": "ZDI", "id": "ZDI-16-238", "ident": null }, { "db": "CNVD", "id": "CNVD-2016-02275", "ident": null }, { "db": "VULMON", "id": "CVE-2016-2299", "ident": null }, { "db": "BID", "id": "86026", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2016-002344", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201604-256", "ident": null }, { "db": "NVD", "id": "CVE-2016-2299", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-04-18T00:00:00", "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-240", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-236", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-239", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-237", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-238", "ident": null }, { "date": "2016-04-18T00:00:00", "db": "CNVD", "id": "CNVD-2016-02275", "ident": null }, { "date": "2016-04-22T00:00:00", "db": "VULMON", "id": "CVE-2016-2299", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "BID", "id": "86026", "ident": null }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002344", "ident": null }, { "date": "2016-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-256", "ident": 
null }, { "date": "2016-04-22T00:59:00.120000", "db": "NVD", "id": "CVE-2016-2299", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-240", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-236", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-239", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-237", "ident": null }, { "date": "2016-04-12T00:00:00", "db": "ZDI", "id": "ZDI-16-238", "ident": null }, { "date": "2016-04-18T00:00:00", "db": "CNVD", "id": "CNVD-2016-02275", "ident": null }, { "date": "2016-12-03T00:00:00", "db": "VULMON", "id": "CVE-2016-2299", "ident": null }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86026", "ident": null }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002344", "ident": null }, { "date": "2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-256", "ident": null }, { "date": "2024-11-21T02:48:10.917000", "db": "NVD", "id": "CVE-2016-2299", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-256" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Ecava IntegraXor Remote code execution vulnerability", "sources": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02275" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "58b5aa68-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201604-256" } ], "trust": 0.8 } }
var-201604-0072
Vulnerability from variot
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Ecava IntegraXor contains a CRLF injection vulnerability. Supplementary information: the vulnerability type has been identified as CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection). Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. The Ecava IntegraXor HMI failed to properly handle specific elements in the input, allowing remote attackers to exploit the vulnerability to bypass security restrictions. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability. 2. A cross-site scripting vulnerability. 3. Multiple security bypass vulnerabilities. 4. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0072", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "model": "integraxor build", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "5.04522" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02330" }, { "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "db": "CNNVD", "id": "CNNVD-201604-319" }, { "db": "NVD", "id": "CVE-2016-2303" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002348" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-319" } ], "trust": 0.6 }, "cve": "CVE-2016-2303", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2016-2303", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-02330", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "58af9c0e-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2016-2303", "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-2303", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-2303", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-02330", "trust": 0.6, "value": "MEDIUM" }, { 
"author": "CNNVD", "id": "CNNVD-201604-319", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02330" }, { "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "db": "CNNVD", "id": "CNNVD-201604-319" }, { "db": "NVD", "id": "CVE-2016-2303" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Ecava IntegraXor Is CRLF An injection vulnerability exists. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. The Ecava IntegraXor HMI failed to properly handle specific elements in the input, allowing remote attackers to exploit the vulnerability to bypass security restrictions. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. 
Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions", "sources": [ { "db": "NVD", "id": "CVE-2016-2303" }, { "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "db": "CNVD", "id": "CNVD-2016-02330" }, { "db": "BID", "id": "86088" }, { "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2303", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2016-02330", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-319", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002348", "trust": 0.8 }, { "db": "BID", "id": "86088", "trust": 0.3 }, { "db": "IVD", "id": "58AF9C0E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02330" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "db": "CNNVD", "id": "CNNVD-201604-319" }, { "db": "NVD", "id": "CVE-2016-2303" } ] }, "id": "VAR-201604-0072", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02330" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02330" } ] }, "last_update_date": "2024-11-23T21:43:13.506000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Ecava IntegraXor HMI Permissions Bypass Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74340" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02330" }, { "db": "JVNDB", "id": "JVNDB-2016-002348" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "db": "NVD", "id": "CVE-2016-2303" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2303" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2303" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02330" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", 
"id": "JVNDB-2016-002348" }, { "db": "CNNVD", "id": "CNNVD-201604-319" }, { "db": "NVD", "id": "CVE-2016-2303" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02330" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "db": "CNNVD", "id": "CNNVD-201604-319" }, { "db": "NVD", "id": "CVE-2016-2303" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "IVD", "id": "58af9c0e-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02330" }, { "date": "2016-04-14T00:00:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "date": "2016-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-319" }, { "date": "2016-04-22T00:59:04.540000", "db": "NVD", "id": "CVE-2016-2303" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02330" }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002348" }, { "date": "2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-319" }, { "date": "2024-11-21T02:48:11.343000", "db": "NVD", "id": "CVE-2016-2303" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-319" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor In CRLF Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002348" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-319" } ], "trust": 0.6 } }
var-202203-2075
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2075", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-489" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-489" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "ZDI-22-489", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-489", "trust": 0.7, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-489" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-489" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14384", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-489", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-489" } ] }, "id": "VAR-202203-2075", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T01:43:01.232000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-489" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-489" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-489" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-489" } ], "trust": 0.7 } }
var-201312-0633
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the storing of credentials in cleartext. The issue lies in the ability to bypass file access restrictions. This can be used along with the automatic creation of backup files, which are created whenever changes are made to a project. By abusing this flaw, an attacker can disclose credentials and possibly leverage this situation to achieve remote code execution.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0633", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-13-277" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alphazorx aka technically.screwed", "sources": [ { "db": "ZDI", "id": "ZDI-13-277" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-13-277", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-13-277", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-13-277" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the storing of credentials in cleartext. The issue lies in the ability to bypass file access restrictions. This can be used along with the automatic creation of backup files, which are created whenever changes are made to a project. By abusing this flaw an attacker can disclose credentials and possibly leverage this situation to achieve remote code execution.", "sources": [ { "db": "ZDI", "id": "ZDI-13-277" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-1988", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-13-277", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-13-277" } ] }, "id": "VAR-201312-0633", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T02:09:05.466000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-13-277" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-15T00:00:00", "db": "ZDI", "id": "ZDI-13-277" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-15T00:00:00", "db": "ZDI", "id": "ZDI-13-277" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Project Directory Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-13-277" } ], "trust": 0.7 } }
var-201604-0069
Vulnerability from variot
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities: 1. A clear-text transmission of sensitive information vulnerability; 2. A cross-site scripting vulnerability; 3. Multiple security bypass vulnerabilities; 4. An authorization bypass vulnerability; 5. An information disclosure vulnerability; 6. (the list is cut off at this point in the record). Only the first sentence describes the issue tracked by this entry (CVE-2016-2300, CWE-287); the numbered list appears to come from an aggregated advisory covering several separate IntegraXor issues.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0069", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.2.4502" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "5.0 build 4522" }, { "model": "integraxor build", "scope": "lt", "trust": 0.6, 
"vendor": "ecava", "version": "5.04522" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.2.4502" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02334" }, { "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "db": "CNNVD", "id": "CNNVD-201604-320" }, { "db": "NVD", "id": "CVE-2016-2300" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002345" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-320" } ], "trust": 0.6 }, "cve": "CVE-2016-2300", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2016-2300", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2016-02334", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "58b67af6-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2016-2300", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-2300", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-2300", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-02334", "trust": 0.6, 
"value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201604-320", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02334" }, { "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "db": "CNNVD", "id": "CNNVD-201604-320" }, { "db": "NVD", "id": "CVE-2016-2300" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. 
An information disclosure vulnerability\n6", "sources": [ { "db": "NVD", "id": "CVE-2016-2300" }, { "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "db": "CNVD", "id": "CNVD-2016-02334" }, { "db": "BID", "id": "86088" }, { "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2300", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-16-105-03", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2016-02334", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-320", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002345", "trust": 0.8 }, { "db": "BID", "id": "86088", "trust": 0.3 }, { "db": "IVD", "id": "58B67AF6-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02334" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "db": "CNNVD", "id": "CNNVD-201604-320" }, { "db": "NVD", "id": "CVE-2016-2300" } ] }, "id": "VAR-201604-0069", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02334" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", 
"id": "CNVD-2016-02334" } ] }, "last_update_date": "2024-11-23T21:43:13.426000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Ecava IntegraXor Permissions bypass vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/74346" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02334" }, { "db": "JVNDB", "id": "JVNDB-2016-002345" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "db": "NVD", "id": "CVE-2016-2300" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2300" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2300" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-02334" }, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "db": "CNNVD", "id": "CNNVD-201604-320" }, { "db": "NVD", "id": "CVE-2016-2300" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-02334" 
}, { "db": "BID", "id": "86088" }, { "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "db": "CNNVD", "id": "CNNVD-201604-320" }, { "db": "NVD", "id": "CVE-2016-2300" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "IVD", "id": "58b67af6-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02334" }, { "date": "2016-04-14T00:00:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "date": "2016-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-320" }, { "date": "2016-04-22T00:59:01.370000", "db": "NVD", "id": "CVE-2016-2300" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2016-02334" }, { "date": "2016-07-06T14:31:00", "db": "BID", "id": "86088" }, { "date": "2016-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002345" }, { "date": "2016-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-320" }, { "date": "2024-11-21T02:48:11.020000", "db": "NVD", "id": "CVE-2016-2300" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-320" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Vulnerabilities that bypass authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002345" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-320" } ], "trust": 0.6 } }
var-201706-0471
Vulnerability from variot
A SQL injection issue was discovered in Ecava IntegraXor versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow an unauthenticated remote attacker to execute arbitrary SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IntegraXor versions 5.2.1231.0 and prior are vulnerable. The affected-products list in this record marks version 6.0.522.1 with scope "ne", which appears to mean it is not affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0471", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.8, "vendor": "ecava", "version": "5.2.1231.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "5.2.1231.0" }, { "model": "integraxor", "scope": "lte", "trust": 0.6, "vendor": 
"ecava", "version": "\u003c=5.2.1231.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4410" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4393" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "5.2.722.2" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "5.0.413.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "5.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4450" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4390" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4380" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4369" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4340" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.00" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.72" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.71.4200" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.71" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4061" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4050" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60.4032" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.60" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" }, { 
"model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.4000.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5.3900.10" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.5" }, { "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "6.0.522.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "BID", "id": "99164" }, { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "CNNVD", "id": "CNNVD-201706-882" }, { "db": "NVD", "id": "CVE-2017-6050" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005031" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Brian Martin of Tenable Security", "sources": [ { "db": "BID", "id": "99164" }, { "db": "CNNVD", "id": "CNNVD-201706-882" } ], "trust": 0.9 }, "cve": "CVE-2017-6050", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-6050", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-15807", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-6050", "impactScore": 5.9, "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-6050", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-6050", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2017-15807", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201706-882", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "CNNVD", "id": "CNNVD-201706-882" }, { "db": "NVD", "id": "CVE-2017-6050" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
\nIntegraXor versions 5.2.1231.0 and prior are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-6050" }, { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "BID", "id": "99164" }, { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-6050", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-17-171-01", "trust": 3.3 }, { "db": "BID", "id": "99164", "trust": 2.5 }, { "db": "TENABLE", "id": "TRA-2017-24", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2017-15807", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-882", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-005031", "trust": 0.8 }, { "db": "NSFOCUS", "id": "36941", "trust": 0.6 }, { "db": "IVD", "id": "0852AA5F-E070-4AD6-AB62-B472502A6B07", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "BID", "id": "99164" }, { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "CNNVD", "id": "CNNVD-201706-882" }, { "db": "NVD", "id": "CVE-2017-6050" } ] }, "id": "VAR-201706-0471", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "db": "CNVD", "id": "CNVD-2017-15807" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], 
"sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "db": "CNVD", "id": "CNVD-2017-15807" } ] }, "last_update_date": "2024-11-23T22:52:25.644000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.integraxor.com/" }, { "title": "Ecava IntegraXor SQL Injection Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/98489" }, { "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71126" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "CNNVD", "id": "CNNVD-201706-882" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "NVD", "id": "CVE-2017-6050" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-171-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/99164" }, { "trust": 1.0, "url": "https://www.tenable.com/security/research/tra-2017-24" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6050" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6050" }, { "trust": 0.6, "url": 
"http://www.nsfocus.net/vulndb/36941" }, { "trust": 0.3, "url": "https://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "BID", "id": "99164" }, { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "CNNVD", "id": "CNNVD-201706-882" }, { "db": "NVD", "id": "CVE-2017-6050" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "BID", "id": "99164" }, { "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "db": "CNNVD", "id": "CNNVD-201706-882" }, { "db": "NVD", "id": "CVE-2017-6050" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-21T00:00:00", "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "date": "2017-07-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-15807" }, { "date": "2017-06-20T00:00:00", "db": "BID", "id": "99164" }, { "date": "2017-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "date": "2017-06-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-882" }, { "date": "2017-06-21T19:29:00.337000", "db": "NVD", "id": "CVE-2017-6050" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-15807" }, { "date": "2017-06-20T00:00:00", "db": "BID", "id": "99164" }, { "date": "2017-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005031" }, { "date": "2017-06-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-882" }, { "date": "2024-11-21T03:28:59.447000", "db": "NVD", "id": "CVE-2017-6050" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-882" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor SQL Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2017-15807" }, { "db": "CNNVD", "id": "CNNVD-201706-882" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07" }, { "db": "CNNVD", "id": "CNNVD-201706-882" } ], "trust": 0.8 } }
var-202203-2060
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2060", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-486" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-486" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "ZDI-22-486", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-486", "trust": 0.7, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-486" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-486" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14381", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-486", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-486" } ] }, "id": "VAR-202203-2060", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T02:10:25.526000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-486" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-486" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-486" } ] }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-486" } ], "trust": 0.7 } }
var-201104-0286
Vulnerability from variot
Ecava IntegraXor HMI before 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to an unspecified SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to IntegraXor 3.60.4050 are vulnerable. The sources aggregated here name different fixed builds (3.60 Build 4032, 3.60.4050, and 3.6.4000.5 in the Secunia advisory below), so confirm the fixed build against the vendor advisory before treating an installation as patched. ----------------------------------------------------------------------
TITLE: IntegraXor SQL Database Insecure Permissions Security Issue
SECUNIA ADVISORY ID: SA44105
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44105
RELEASE DATE: 2011-04-12
DESCRIPTION: A security issue has been reported in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data.
SOLUTION: Update to version 3.6.4000.5.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Dan Rosenberg, Virtual Security Research (VSR).
ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201104-0286", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 1.5, "vendor": "ecava", "version": "3.60" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "3.60" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.60.4032" }, { "model": 
"integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.5.3900.10" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.5" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "hmi 3.60" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "*" }, { "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "3.60.4050" }, { "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" } ], "sources": [ { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-1239" }, { "db": "BID", "id": "47019" }, { "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "db": "CNNVD", "id": "CNNVD-201104-024" }, { "db": "NVD", "id": "CVE-2011-1562" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001684" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dan Rosenberg", "sources": [ { "db": "BID", "id": "47019" } ], "trust": 0.3 }, "cve": "CVE-2011-1562", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-1562", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-1562", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-1562", "trust": 0.8, 
"value": "High" }, { "author": "CNNVD", "id": "CNNVD-201104-024", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "db": "CNNVD", "id": "CNNVD-201104-024" }, { "db": "NVD", "id": "CVE-2011-1562" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to an unspecified SQL-injection vulnerability because it fails to properly sanitize user-supplied input. \nExploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nVersions prior to IntegraXor 3.60.4050 are vulnerable. 
----------------------------------------------------------------------\n\n\nQ1 Factsheets released:\n\nhttp://secunia.com/resources/factsheets/2011_vendor/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor SQL Database Insecure Permissions Security Issue\n\nSECUNIA ADVISORY ID:\nSA44105\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44105/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105\n\nRELEASE DATE:\n2011-04-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44105/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44105/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in IntegraXor, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation and manipulate certain data. \n\nSOLUTION:\nUpdate to version 3.6.4000.5. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Dan Rosenberg, Virtual Security Research (VSR). 
\n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-1562" }, { "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "db": "CNVD", "id": "CNVD-2011-1239" }, { "db": "BID", "id": "47019" }, { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "100305" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "47019", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-11-082-01", "trust": 3.3 }, { "db": "NVD", "id": "CVE-2011-1562", "trust": 3.1 }, { "db": "VUPEN", "id": "ADV-2011-0761", "trust": 1.6 }, { "db": "XF", "id": "66306", "trust": 1.4 }, { "db": "SECUNIA", "id": "44105", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2011-1239", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201104-024", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001684", "trust": 0.8 }, { "db": "CERT/CC", "id": "HTTP://WWW.US-CERT.GOV/CONTROL_SYSTEMS/PDF/ICSA-11-082-01.PDF", "trust": 0.6 }, { "db": "IVD", "id": "1BC35CBE-2355-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "C65F51E6-1F9A-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "100305", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-1239" }, { "db": "BID", "id": "47019" }, { "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "db": "PACKETSTORM", "id": "100305" }, { "db": "CNNVD", 
"id": "CNNVD-201104-024" }, { "db": "NVD", "id": "CVE-2011-1562" } ] }, "id": "VAR-201104-0286", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-1239" } ], "trust": 1.27383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-1239" } ] }, "last_update_date": "2024-11-23T23:06:33.207000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Issue SQL Unauthenticated Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note" }, { "title": "Ecava IntegraXor patch for unknown SQL injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/3394" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-1239" }, { "db": "JVNDB", "id": "JVNDB-2011-001684" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2011-001684" }, { "db": "NVD", "id": "CVE-2011-1562" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-082-01.pdf" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/47019" }, { "trust": 1.9, "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2011/0761" }, { "trust": 1.4, "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/66306" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306" }, { "trust": 1.0, "url": "http://secunia.com/advisories/44105" }, { "trust": 1.0, "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1562" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1562" }, { "trust": 0.6, "url": "http://twitter.com/#!/djrbliss/status/50685527749431296" }, { "trust": 0.3, "url": "http://www.ecava.com/index.htm" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44105/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" 
}, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44105/" }, { "trust": 0.1, "url": "http://secunia.com/resources/factsheets/2011_vendor/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-1239" }, { "db": "BID", "id": "47019" }, { "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "db": "PACKETSTORM", "id": "100305" }, { "db": "CNNVD", "id": "CNNVD-201104-024" }, { "db": "NVD", "id": "CVE-2011-1562" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-1239" }, { "db": "BID", "id": "47019" }, { "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "db": "PACKETSTORM", "id": "100305" }, { "db": "CNNVD", "id": "CNNVD-201104-024" }, { "db": "NVD", "id": "CVE-2011-1562" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-25T00:00:00", "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "date": "2011-03-25T00:00:00", "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "date": "2011-03-25T00:00:00", "db": "CNVD", "id": "CNVD-2011-1239" }, { "date": "2011-03-23T00:00:00", "db": "BID", "id": "47019" }, { "date": "2011-06-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "date": "2011-04-12T06:01:39", "db": "PACKETSTORM", "id": "100305" }, { "date": "2011-04-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201104-024" }, { "date": "2011-04-05T15:19:35.587000", "db": "NVD", "id": "CVE-2011-1562" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-25T00:00:00", "db": "CNVD", "id": 
"CNVD-2011-1239" }, { "date": "2011-04-11T11:35:00", "db": "BID", "id": "47019" }, { "date": "2011-06-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001684" }, { "date": "2011-04-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201104-024" }, { "date": "2024-11-21T01:26:36.320000", "db": "NVD", "id": "CVE-2011-1562" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201104-024" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor HMI Vulnerabilities that bypass authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001684" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201104-024" } ], "trust": 1.0 } }
var-202203-2044
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2044", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-490" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-490" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "ZDI-22-490", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-490", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-490" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-490" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14444", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-490", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-490" } ] }, "id": "VAR-202203-2044", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T02:00:58.949000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-490" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-490" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-490" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape WMF File Parsing Memory Corruption Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-490" } ], "trust": 0.7 } }
var-201012-0059
Vulnerability from variot
Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. Ecava IntegraXor contains a buffer overflow vulnerability: writing more than 1024 bytes can overflow a buffer on the stack. A third party with access to Ecava IntegraXor may be able to cause a denial of service (DoS) or execute arbitrary code. Ecava IntegraXor is a human-machine interface product that uses HTML and SVG. When a request exceeds 1024 bytes, IntegraXor writes past the end of the buffer and corrupts memory. Successful exploitation can execute arbitrary instructions in the security context of the application. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition.
TITLE: IntegraXor Project ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA42650
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42650/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42650
RELEASE DATE: 2010-12-27
DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 3.5.3900.5. Other versions may also be affected.
SOLUTION: Update to version 3.5.3900.10 or later.
PROVIDED AND/OR DISCOVERED BY: Jeremy Brown
ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0059", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 1.5, "vendor": "ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.5" }, { 
"model": null, "scope": null, "trust": 0.8, "vendor": "ecava", "version": null }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "v3.5 (build 3900.10) earlier" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "integraxor", "version": "*" }, { "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "3.5.3900.10" } ], "sources": [ { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CERT/CC", "id": "VU#603928" }, { "db": "CNVD", "id": "CNVD-2010-3307" }, { "db": "BID", "id": "45487" }, { "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "db": "CNNVD", "id": "CNNVD-201012-313" }, { "db": "NVD", "id": "CVE-2010-4597" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002661" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jeremy Brown", "sources": [ { "db": "BID", "id": "45487" } ], "trust": 0.3 }, "cve": "CVE-2010-4597", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2010-4597", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "8881ea8c-2355-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7d7abaf0-463f-11e9-af73-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": 
"nvd@nist.gov", "id": "CVE-2010-4597", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#603928", "trust": 0.8, "value": "21.83" }, { "author": "NVD", "id": "CVE-2010-4597", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201012-313", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2010-4597", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CERT/CC", "id": "VU#603928" }, { "db": "VULMON", "id": "CVE-2010-4597" }, { "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "db": "CNNVD", "id": "CNNVD-201012-313" }, { "db": "NVD", "id": "CVE-2010-4597" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. Ecava IntegraXor Contains a buffer overflow vulnerability. Ecava IntegraXor Is 1024 Writing over bytes can cause a buffer overflow on the stack.Ecava IntegraXor Service disruption by a third party with access to (DoS) An attacker may be able to attack or execute arbitrary code. Ecava IntegraXor is a human interface product that uses HTML and SVG. 
When sending a request that exceeds 1024 bytes, IntegraXor will write out the buffer and destroy the memory. Successful exploitation of a vulnerability can execute arbitrary instructions in an application security context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Project ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42650\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42650/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650\n\nRELEASE DATE:\n2010-12-27\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42650/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42650/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in IntegraXor, which can be\nexploited by malicious people to compromise a 
user\u0027s system. \n\nThe vulnerability is confirmed in version 3.5.3900.5. Other versions\nmay also be affected. \n\nSOLUTION:\nUpdate to version 3.5.3900.10 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nJeremy Brown\n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2010-4597" }, { "db": "CERT/CC", "id": "VU#603928" }, { "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "db": "CNVD", "id": "CNVD-2010-3307" }, { "db": "BID", "id": "45487" }, { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2010-4597" }, { "db": "PACKETSTORM", "id": "97061" } ], "trust": 3.87 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=15767", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4597" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#603928", "trust": 4.2 }, { "db": "NVD", "id": "CVE-2010-4597", "trust": 3.4 }, { "db": "BID", "id": "45487", "trust": 3.4 }, { "db": "ICS CERT", "id": "ICSA-10-322-01", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-3275", "trust": 2.5 }, { "db": "SECUNIA", "id": "42650", "trust": 2.0 }, { "db": "EXPLOIT-DB", "id": "15767", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201012-313", "trust": 1.2 }, { "db": "CNVD", "id": "CNVD-2010-3307", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2010-002661", 
"trust": 0.8 }, { "db": "NSFOCUS", "id": "16220", "trust": 0.6 }, { "db": "IVD", "id": "8881EA8C-2355-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7ABAF0-463F-11E9-AF73-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "7C5841BA-1FA5-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2010-4597", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97061", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CERT/CC", "id": "VU#603928" }, { "db": "CNVD", "id": "CNVD-2010-3307" }, { "db": "VULMON", "id": "CVE-2010-4597" }, { "db": "BID", "id": "45487" }, { "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "db": "PACKETSTORM", "id": "97061" }, { "db": "CNNVD", "id": "CNNVD-201012-313" }, { "db": "NVD", "id": "CVE-2010-4597" } ] }, "id": "VAR-201012-0059", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-3307" } ], "trust": 1.47383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-3307" } ] }, 
"last_update_date": "2024-11-23T23:03:01.721000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IntegraXor 3.5 SCADA Security Issue 20101006-0109 Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note" }, { "title": "Patch for Ecava IntegraXor Remote Stack Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/2206" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-3307" }, { "db": "JVNDB", "id": "JVNDB-2010-002661" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "db": "NVD", "id": "CVE-2010-4597" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/603928" }, { "trust": 2.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-322-01.pdf" }, { "trust": 2.6, "url": "http://www.securityfocus.com/bid/45487" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/3275" }, { "trust": 1.9, "url": "http://secunia.com/advisories/42650" }, { "trust": 1.8, "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note" }, { "trust": 1.7, "url": "http://www.exploit-db.com/exploits/15767" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us 
about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4597" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu603928" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4597" }, { "trust": 0.6, "url": "http://www.kb.cert.org/vuls/id/603928http" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16220" }, { "trust": 0.3, "url": "http://www.ecava.com/index.htm" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/15767/" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42650/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42650/#comments" } ], "sources": [ { "db": "CERT/CC", "id": "VU#603928" }, { "db": "CNVD", "id": "CNVD-2010-3307" }, { "db": "VULMON", "id": "CVE-2010-4597" }, { "db": "BID", "id": "45487" }, { "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "db": "PACKETSTORM", "id": "97061" }, { "db": "CNNVD", "id": "CNNVD-201012-313" }, { "db": "NVD", "id": "CVE-2010-4597" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { 
"@container": "@list" } }, "data": [ { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CERT/CC", "id": "VU#603928" }, { "db": "CNVD", "id": "CNVD-2010-3307" }, { "db": "VULMON", "id": "CVE-2010-4597" }, { "db": "BID", "id": "45487" }, { "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "db": "PACKETSTORM", "id": "97061" }, { "db": "CNNVD", "id": "CNNVD-201012-313" }, { "db": "NVD", "id": "CVE-2010-4597" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-12-24T00:00:00", "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "date": "2010-12-21T00:00:00", "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "date": "2010-12-21T00:00:00", "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "date": "2010-12-17T00:00:00", "db": "CERT/CC", "id": "VU#603928" }, { "date": "2010-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2010-3307" }, { "date": "2010-12-23T00:00:00", "db": "VULMON", "id": "CVE-2010-4597" }, { "date": "2010-12-16T00:00:00", "db": "BID", "id": "45487" }, { "date": "2011-01-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "date": "2010-12-27T07:39:20", "db": "PACKETSTORM", "id": "97061" }, { "date": "2010-12-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201012-313" }, { "date": "2010-12-23T18:00:03.823000", "db": "NVD", "id": "CVE-2010-4597" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-12-21T00:00:00", "db": "CERT/CC", "id": "VU#603928" }, { "date": "2010-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2010-3307" }, { "date": "2011-01-11T00:00:00", "db": "VULMON", "id": "CVE-2010-4597" }, { "date": "2015-04-13T21:02:00", "db": "BID", "id": 
"45487" }, { "date": "2011-01-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002661" }, { "date": "2010-12-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201012-313" }, { "date": "2024-11-21T01:21:18.700000", "db": "NVD", "id": "CVE-2010-4597" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201012-313" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Remote Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-3307" } ], "trust": 1.0 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "8881ea8c-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7abaf0-463f-11e9-af73-000c29342cb1" }, { "db": "IVD", "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201012-313" } ], "trust": 1.2 } }
var-202203-2081
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. On its own the flaw is scored by ZDI at CVSS 3.0 base 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), a low-severity information disclosure; the code-execution outcome depends on chaining it with another vulnerability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2081", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-488" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-488" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "ZDI-22-488", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-488", "trust": 0.7, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-488" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-488" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14383", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-488", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-488" } ] }, "id": "VAR-202203-2081", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T02:10:25.516000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-488" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-488" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-488" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-488" } ], "trust": 0.7 } }
var-201012-0060
Vulnerability from variot
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
TITLE: IntegraXor "file_name" File Disclosure Vulnerability
SECUNIA ADVISORY ID: SA42730
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42730
RELEASE DATE: 2010-12-23
DISCUSS ADVISORY: http://secunia.com/advisories/42730/#comments
DESCRIPTION: Luigi Auriemma has discovered a vulnerability in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed to the "file_name" parameter in "/<project name>/open" (where "<project name>" is a valid project) is not properly verified before being used to display files.
Successful exploitation requires the IntegraXor Server to be started and running a project (off by default).
The vulnerability is confirmed in version 3.6.4000.0.
SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists).
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/integraxor_1-adv.txt
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0060", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 2.5, "vendor": "ecava", "version": "3.5.3900.10" }, { "model": "integraxor", "scope": "eq", "trust": 2.5, "vendor": "ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "eq", "trust": 1.5, "vendor": "ecava", "version": "3.6.4000.0" }, 
{ "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.5" }, { "model": null, "scope": "eq", "trust": 0.8, "vendor": "integraxor", "version": "3.5.3900.5" }, { "model": null, "scope": "eq", "trust": 0.8, "vendor": "integraxor", "version": "3.5.3900.10" }, { "model": null, "scope": "eq", "trust": 0.8, "vendor": "integraxor", "version": "*" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ecava", "version": null }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "3.6.4000.1 earlier" }, { "model": "integraxor", "scope": "lte", "trust": 0.6, "vendor": "ecava", "version": "\u003c=3.6.4000.0" } ], "sources": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "CERT/CC", "id": "VU#979776" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNVD", "id": "CNVD-2010-3332" }, { "db": "BID", "id": "45535" }, { "db": "JVNDB", "id": "JVNDB-2011-001001" }, { "db": "CNNVD", "id": "CNNVD-201012-314" }, { "db": "NVD", "id": "CVE-2010-4598" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001001" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Luigi 
Auriemma", "sources": [ { "db": "BID", "id": "45535" }, { "db": "CNNVD", "id": "CNNVD-201012-314" } ], "trust": 0.9 }, "cve": "CVE-2010-4598", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2010-4598", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "8876dc14-2355-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d73dd1e-463f-11e9-802e-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "431cff94-1fa5-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2010-4598", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#979776", "trust": 0.8, "value": "18.00" }, { "author": "NVD", "id": "CVE-2010-4598", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201012-314", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "CERT/CC", "id": "VU#979776" }, { "db": "JVNDB", "id": "JVNDB-2011-001001" }, { 
"db": "CNNVD", "id": "CNNVD-201012-314" }, { "db": "NVD", "id": "CVE-2010-4598" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. \nIntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). 
\n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor \"file_name\" File Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42730\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42730/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730\n\nRELEASE DATE:\n2010-12-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42730/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42730/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered a vulnerability in IntegraXor, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nInput passed to the \"file_name\" parameter in \"/\u003cproject name\u003e/open\"\n(where \"\u003cproject name\u003e\" is a valid project) is not properly verified\nbefore being used to display files. \n\nSuccessful exploitation requires the IntegraXor Server to be started\nand running a project (off by default). \n\nThe vulnerability is confirmed in version 3.6.4000.0. \n\nSOLUTION:\nRestrict access to trusted hosts only (e.g. via network access\ncontrol lists). 
\n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/integraxor_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2010-4598" }, { "db": "CERT/CC", "id": "VU#979776" }, { "db": "JVNDB", "id": "JVNDB-2011-001001" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNVD", "id": "CNVD-2010-3332" }, { "db": "BID", "id": "45535" }, { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "PACKETSTORM", "id": "96914" } ], "trust": 4.5 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4598", "trust": 4.1 }, { "db": "BID", "id": "45535", "trust": 3.9 }, { "db": "CERT/CC", "id": "VU#979776", "trust": 2.9 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-10-355-01", "trust": 2.6 }, { "db": "EXPLOIT-DB", "id": "15802", "trust": 2.4 }, { "db": "VUPEN", "id": "ADV-2010-3304", "trust": 2.4 }, { "db": "SECUNIA", "id": "42730", "trust": 1.9 }, { "db": "CNNVD", "id": "CNNVD-201012-314", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2010-3389", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2010-3332", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-10-362-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-001001", "trust": 0.8 }, { "db": "IVD", "id": "8876DC14-2355-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D73DD1E-463F-11E9-802E-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "431CFF94-1FA5-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": 
"IVD", "id": "7D79F7A2-463F-11E9-B78D-000C29342CB1", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "96914", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "CERT/CC", "id": "VU#979776" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNVD", "id": "CNVD-2010-3332" }, { "db": "BID", "id": "45535" }, { "db": "JVNDB", "id": "JVNDB-2011-001001" }, { "db": "PACKETSTORM", "id": "96914" }, { "db": "CNNVD", "id": "CNNVD-201012-314" }, { "db": "NVD", "id": "CVE-2010-4598" } ] }, "id": "VAR-201012-0060", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNVD", "id": "CNVD-2010-3332" } ], "trust": 2.27383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 2.0 } ], "sources": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNVD", "id": "CNVD-2010-3332" } ] }, "last_update_date": 
"2024-11-23T22:02:59.142000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IntegraXor 3.6 SCADA Security Issue 20101222-0323 Vulnerability Note", "trust": 0.8, "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001001" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001001" }, { "db": "NVD", "id": "CVE-2010-4598" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-10-355-01.pdf" }, { "trust": 2.5, "url": "http://aluigi.org/adv/integraxor_1-adv.txt" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/45535" }, { "trust": 2.4, "url": "http://www.vupen.com/english/advisories/2010/3304" }, { "trust": 2.1, "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" }, { "trust": 2.1, "url": "http://www.kb.cert.org/vuls/id/979776" }, { "trust": 1.8, "url": "http://secunia.com/advisories/42730" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/15802" }, { "trust": 0.8, "url": "http://www.exploit-db.com/exploits/15802/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4598" }, { "trust": 0.8, "url": 
"http://www.us-cert.gov/control_systems/pdf/icsa-10-362-01_ecava_integraxor_directory_traversal.pdf" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu979776" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4598" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/45535http" }, { "trust": 0.3, "url": "http://www.ecava.com/index.htm" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://aluigi.altervista.org/adv/integraxor_1-adv.txt" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42730/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42730/#comments" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#979776" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNVD", "id": "CNVD-2010-3332" }, { "db": "BID", "id": "45535" }, { "db": "JVNDB", "id": "JVNDB-2011-001001" }, { "db": "PACKETSTORM", "id": "96914" }, { "db": "CNNVD", "id": "CNNVD-201012-314" }, { "db": "NVD", "id": "CVE-2010-4598" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": 
"7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "CERT/CC", "id": "VU#979776" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNVD", "id": "CNVD-2010-3332" }, { "db": "BID", "id": "45535" }, { "db": "JVNDB", "id": "JVNDB-2011-001001" }, { "db": "PACKETSTORM", "id": "96914" }, { "db": "CNNVD", "id": "CNNVD-201012-314" }, { "db": "NVD", "id": "CVE-2010-4598" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-12-24T00:00:00", "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "date": "2010-12-24T00:00:00", "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "date": "2010-12-22T00:00:00", "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "date": "2010-12-22T00:00:00", "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "date": "2011-01-11T00:00:00", "db": "CERT/CC", "id": "VU#979776" }, { "date": "2010-12-24T00:00:00", "db": "CNVD", "id": "CNVD-2010-3389" }, { "date": "2010-12-22T00:00:00", "db": "CNVD", "id": "CNVD-2010-3332" }, { "date": "2010-12-21T00:00:00", "db": "BID", "id": "45535" }, { "date": "2011-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001001" }, { "date": "2010-12-23T06:21:14", "db": "PACKETSTORM", "id": "96914" }, { "date": "2010-12-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201012-314" }, { "date": "2010-12-23T18:00:03.977000", "db": "NVD", "id": "CVE-2010-4598" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-01-12T00:00:00", "db": "CERT/CC", "id": "VU#979776" }, { "date": "2010-12-24T00:00:00", "db": "CNVD", "id": "CNVD-2010-3389" }, { "date": "2010-12-22T00:00:00", "db": "CNVD", "id": "CNVD-2010-3332" }, { "date": "2011-01-11T15:22:00", "db": "BID", "id": "45535" }, { "date": "2011-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001001" }, { 
"date": "2010-12-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201012-314" }, { "date": "2024-11-21T01:21:18.940000", "db": "NVD", "id": "CVE-2010-4598" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201012-314" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Directory Traversal Vulnerability", "sources": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3389" }, { "db": "CNNVD", "id": "CNNVD-201012-314" } ], "trust": 1.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "8876dc14-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73dd1e-463f-11e9-802e-000c29342cb1" }, { "db": "IVD", "id": "431cff94-1fa5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201012-314" } ], "trust": 1.4 } }
var-201012-0061
Vulnerability from variot
Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It may be possible to gain privileges through the dwmapi.dll file. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. An untrusted search path vulnerability exists in Ecava IntegraXor 3.6.4000.0 and earlier. Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
TITLE: IntegraXor Insecure Library Loading Vulnerability
SECUNIA ADVISORY ID: SA42734
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42734/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42734
RELEASE DATE: 2010-12-23
DISCUSS ADVISORY: http://secunia.com/advisories/42734/#comments
DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an IGX file located on a remote WebDAV or SMB share.
The vulnerability is confirmed in version 3.6.4000.0.
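SOLUTION: Do not open untrusted files. Note: the references listed for this record include Microsoft Security Advisory 2269637, which describes system-level mitigations for DLL preloading from remote WebDAV and SMB locations.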
PROVIDED AND/OR DISCOVERED BY: Mister Teatime
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0061", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 2.7, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": "integraxor", "scope": "lte", "trust": 0.6, "vendor": "ecava", "version": "\u003c=3.6.4000.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": 
"3.6.4000.0" } ], "sources": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3388" }, { "db": "BID", "id": "45549" }, { "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "db": "CNNVD", "id": "CNNVD-201012-315" }, { "db": "NVD", "id": "CVE-2010-4599" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002669" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mister Teatime", "sources": [ { "db": "BID", "id": "45549" }, { "db": "CNNVD", "id": "CNNVD-201012-315" } ], "trust": 0.9 }, "cve": "CVE-2010-4599", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", 
"baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CVE-2010-4599", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "8831bfda-2355-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2010-4599", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2010-4599", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201012-315", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "db": "CNNVD", "id": "CNNVD-201012-315" }, { "db": "NVD", "id": "CVE-2010-4599" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dwmapi.dll It may be possible to get permission through the file. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. An untrusted search path vulnerability exists in Ecava IntegraXor 3.6.4000.0 and earlier. Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. \nIntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). 
\n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Insecure Library Loading Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42734\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42734/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734\n\nRELEASE DATE:\n2010-12-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42734/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42734/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to the application loading libraries\n(e.g. dwmapi.dll) in an insecure manner. This can be exploited to\nload arbitrary libraries by tricking a user into e.g. opening a IGX\nfile located on a remote WebDAV or SMB share. \n\nThe vulnerability is confirmed in version 3.6.4000.0. \n\nSOLUTION:\nDo not open untrusted files. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nMister Teatime\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2010-4599" }, { "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "db": "CNVD", "id": "CNVD-2010-3388" }, { "db": "BID", "id": "45549" }, { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "PACKETSTORM", "id": "96916" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4599", "trust": 3.7 }, { "db": "BID", "id": "45549", "trust": 3.3 }, { "db": "SECUNIA", "id": "42734", "trust": 1.9 }, { "db": "CNVD", "id": "CNVD-2010-3388", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201012-315", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2010-002669", "trust": 0.8 }, { "db": "IVD", "id": "8831BFDA-2355-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D73B60F-463F-11E9-BFE4-000C29342CB1", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "96916", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3388" }, { "db": "BID", "id": "45549" }, { "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "db": "PACKETSTORM", "id": "96916" }, { "db": "CNNVD", "id": "CNNVD-201012-315" }, { "db": "NVD", "id": "CVE-2010-4599" } ] }, "id": "VAR-201012-0061", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } 
} }, "data": true, "sources": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3388" } ], "trust": 1.27383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3388" } ] }, "last_update_date": "2024-11-23T22:31:41.587000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "integraxor-3-6-4000-0-dated-17-dec-2010-change-log", "trust": 0.8, "url": "http://www.integraxor.com/blog/integraxor-3-6-4000-0-dated-17-dec-2010-change-log" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002669" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "db": "NVD", "id": "CVE-2010-4599" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.securityfocus.com/bid/45549" }, { "trust": 1.8, "url": 
"http://secunia.com/advisories/42734" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4599" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4599" }, { "trust": 0.3, "url": "http://blog.rapid7.com/?p=5325" }, { "trust": 0.3, "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html" }, { "trust": 0.3, "url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx" }, { "trust": 0.3, "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx" }, { "trust": 0.3, "url": "http://www.ecava.com/index.htm" }, { "trust": 0.3, "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42734/" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/42734/#comments" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-3388" }, { "db": "BID", "id": "45549" }, { "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "db": "PACKETSTORM", "id": "96916" }, { "db": "CNNVD", "id": "CNNVD-201012-315" }, { "db": "NVD", "id": "CVE-2010-4599" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { 
"@container": "@list" } }, "data": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3388" }, { "db": "BID", "id": "45549" }, { "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "db": "PACKETSTORM", "id": "96916" }, { "db": "CNNVD", "id": "CNNVD-201012-315" }, { "db": "NVD", "id": "CVE-2010-4599" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-12-24T00:00:00", "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "date": "2010-12-24T00:00:00", "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "date": "2010-12-24T00:00:00", "db": "CNVD", "id": "CNVD-2010-3388" }, { "date": "2010-12-22T00:00:00", "db": "BID", "id": "45549" }, { "date": "2011-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "date": "2010-12-23T06:21:20", "db": "PACKETSTORM", "id": "96916" }, { "date": "2010-12-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201012-315" }, { "date": "2010-12-23T18:00:04.027000", "db": "NVD", "id": "CVE-2010-4599" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-12-24T00:00:00", "db": "CNVD", "id": "CNVD-2010-3388" }, { "date": "2015-04-13T21:02:00", "db": "BID", "id": "45549" }, { "date": "2011-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002669" }, { "date": "2010-12-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201012-315" }, { "date": "2024-11-21T01:21:19.127000", "db": "NVD", "id": "CVE-2010-4599" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201012-315" } ], "trust": 0.6 }, 
"title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor Untrusted Search Path Vulnerability", "sources": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2010-3388" }, { "db": "CNNVD", "id": "CNNVD-201012-315" } ], "trust": 1.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "IVD", "id": "8831bfda-2355-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201012-315" } ], "trust": 1.0 } }
var-201702-0293
Vulnerability from variot
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An attacker could exploit the vulnerability to compromise an affected application, access or modify data, or exploit a potential vulnerability in the underlying database. IntegraXor version 5.0.413.0 is vulnerable.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "integraxor", "scope": "eq", "trust": 3.3, "vendor": "ecava", "version": "5.0.413.0" }, { "_id": null, "model": "integraxor", "scope": null, "trust": 1.4, "vendor": "ecava", "version": null }, { "_id": null, "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "5.2.722.2" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "5.0.413.0" } ], "sources": [ { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a" }, { "db": "ZDI", "id": "ZDI-17-059" }, { "db": "ZDI", "id": "ZDI-17-058" }, { "db": "CNVD", "id": "CNVD-2017-01510" }, { "db": "BID", "id": "95907" }, { "db": "JVNDB", "id": "JVNDB-2016-007828" }, { "db": "CNNVD", "id": "CNNVD-201702-256" }, { "db": "NVD", "id": "CVE-2016-8341" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007828" } ] }, "credits": { "_id": null, "data": "Brian Gorenc and Juan Pablo Lopez", "sources": [ { "db": "BID", "id": "95907" }, { "db": "CNNVD", "id": "CNNVD-201702-256" } ], "trust": 0.9 }, "cve": "CVE-2016-8341", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2016-8341", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 3.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": 
"CNVD-2017-01510", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-8341", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-8341", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2016-8341", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2016-8341", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2017-01510", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201702-256", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a" }, { "db": "ZDI", "id": "ZDI-17-059" }, { "db": "ZDI", "id": "ZDI-17-058" }, { "db": "CNVD", "id": "CNVD-2017-01510" }, { "db": "JVNDB", "id": "JVNDB-2016-007828" }, { "db": "CNNVD", "id": "CNNVD-201702-256" }, { "db": "NVD", "id": "CVE-2016-8341" } ] }, "description": { "_id": null, "data": "An issue was discovered in Ecava IntegraXor Version 
5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host\u0027s database could be subject to read, write, and delete commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An attacker could exploit the vulnerability to compromise an affected application, access or modify data, or exploit a potential vulnerability in the underlying database. \nIntegraXor version 5.0.413.0 is vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2016-8341" }, { "db": "JVNDB", "id": "JVNDB-2016-007828" }, { "db": "ZDI", "id": "ZDI-17-059" }, { "db": "ZDI", "id": "ZDI-17-058" }, { "db": "CNVD", "id": "CNVD-2017-01510" }, { "db": "BID", "id": "95907" }, { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a" } ], "trust": 3.87 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-8341", "trust": 4.9 }, { "db": "ICS CERT", "id": "ICSA-17-031-02", "trust": 2.7 }, { "db": "BID", "id": "95907", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2017-01510", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201702-256", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007828", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3824", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-059", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3849", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-058", "trust": 0.7 }, { "db": "IVD", "id": "B6A8EEC8-6FCF-4E17-AB05-5BEE56343E5A", 
"trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a" }, { "db": "ZDI", "id": "ZDI-17-059" }, { "db": "ZDI", "id": "ZDI-17-058" }, { "db": "CNVD", "id": "CNVD-2017-01510" }, { "db": "BID", "id": "95907" }, { "db": "JVNDB", "id": "JVNDB-2016-007828" }, { "db": "CNNVD", "id": "CNNVD-201702-256" }, { "db": "NVD", "id": "CVE-2016-8341" } ] }, "id": "VAR-201702-0293", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a" }, { "db": "CNVD", "id": "CNVD-2017-01510" } ], "trust": 1.07383092 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a" }, { "db": "CNVD", "id": "CNVD-2017-01510" } ] }, "last_update_date": "2024-11-23T22:18:06.425000Z", "patch": { "_id": null, "data": [ { "title": "Ecava has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02" }, { "title": "Ecava IGX SCADA", "trust": 0.8, "url": "https://www.integraxor.com/download-scada/" }, { "title": "Ecava IntegraXor has multiple patches for SQL injection vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/89438" }, { "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67544" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-059" }, { "db": "ZDI", "id": "ZDI-17-058" }, { "db": "CNVD", "id": "CNVD-2017-01510" }, { "db": "JVNDB", "id": "JVNDB-2016-007828" }, { "db": "CNNVD", "id": "CNNVD-201702-256" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007828" }, { "db": "NVD", "id": "CVE-2016-8341" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": 
"https://ics-cert.us-cert.gov/advisories/icsa-17-031-02" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/95907" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8341" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8341" }, { "trust": 0.3, "url": "http://ecava.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-059" }, { "db": "ZDI", "id": "ZDI-17-058" }, { "db": "CNVD", "id": "CNVD-2017-01510" }, { "db": "BID", "id": "95907" }, { "db": "JVNDB", "id": "JVNDB-2016-007828" }, { "db": "CNNVD", "id": "CNNVD-201702-256" }, { "db": "NVD", "id": "CVE-2016-8341" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a", "ident": null }, { "db": "ZDI", "id": "ZDI-17-059", "ident": null }, { "db": "ZDI", "id": "ZDI-17-058", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-01510", "ident": null }, { "db": "BID", "id": "95907", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2016-007828", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201702-256", "ident": null }, { "db": "NVD", "id": "CVE-2016-8341", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-02-17T00:00:00", "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a", "ident": null }, { "date": "2017-02-07T00:00:00", "db": "ZDI", "id": "ZDI-17-059", "ident": null }, { "date": "2017-02-07T00:00:00", "db": "ZDI", "id": "ZDI-17-058", "ident": null }, { "date": "2017-02-17T00:00:00", "db": "CNVD", "id": "CNVD-2017-01510", "ident": null }, { "date": "2017-01-31T00:00:00", "db": "BID", "id": "95907", "ident": null }, { "date": "2017-03-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007828", "ident": null }, { "date": "2017-01-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-256", "ident": null }, { "date": "2017-02-13T21:59:00.597000", "db": "NVD", "id": "CVE-2016-8341", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": 
"2017-02-07T00:00:00", "db": "ZDI", "id": "ZDI-17-059", "ident": null }, { "date": "2017-02-07T00:00:00", "db": "ZDI", "id": "ZDI-17-058", "ident": null }, { "date": "2017-02-17T00:00:00", "db": "CNVD", "id": "CNVD-2017-01510", "ident": null }, { "date": "2017-02-02T00:08:00", "db": "BID", "id": "95907", "ident": null }, { "date": "2017-03-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007828", "ident": null }, { "date": "2017-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-256", "ident": null }, { "date": "2024-11-21T02:59:11.370000", "db": "NVD", "id": "CVE-2016-8341", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201702-256" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Ecava IntegraXor of Web On the server SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007828" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a" }, { "db": "CNNVD", "id": "CNNVD-201702-256" } ], "trust": 0.8 } }
var-201712-0122
Vulnerability from variot
A SQL injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. An attacker can leverage the vulnerability to disclose sensitive information from the database. Authentication is not required to exploit this vulnerability. The specific flaw exists within the batchlist report page. When parsing the 'to' parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. An attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Ecava IntegraXor 6.1.1030.1 and prior versions are vulnerable. The record below classifies the flaw as CWE-89, and its patch list points to the vendor update described in ICS-CERT advisory ICSA-17-353-03.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0122", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.8, "vendor": "ecava", "version": "6.1.1030.1" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "6.1.1030.1" }, { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": 
"ecava", "version": null }, { "model": "integraxor", "scope": "lte", "trust": 0.6, "vendor": "ecava", "version": "\u003c=6.1.1030.1" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "6.0.522.1" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.5" }, { "model": "integraxor", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "3.6.4000.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-999" }, { "db": "CNVD", "id": "CNVD-2017-37694" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "CNNVD", "id": "CNNVD-201712-744" }, { "db": "NVD", "id": "CVE-2017-16733" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011530" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley of Source Incite Michael DePlante and Brad Taylor", "sources": [ { "db": "ZDI", "id": "ZDI-17-999" } ], "trust": 0.7 }, "cve": "CVE-2017-16733", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-16733", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-37694", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2017-16733", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-16733", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-16733", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2017-16733", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-37694", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201712-744", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-999" }, { "db": "CNVD", "id": "CNVD-2017-37694" }, { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "CNNVD", "id": "CNNVD-201712-744" }, { "db": "NVD", "id": "CVE-2017-16733" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. Authentication is not required to exploit this vulnerability.The specific flaw exists within the batchlist report page. When parsing the \u0027to\u0027 parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. \nAn attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
\nEcava IntegraXor 6.1.1030.1 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-16733" }, { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "ZDI", "id": "ZDI-17-999" }, { "db": "CNVD", "id": "CNVD-2017-37694" }, { "db": "BID", "id": "102223" }, { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-16733", "trust": 4.2 }, { "db": "ICS CERT", "id": "ICSA-17-353-03", "trust": 2.7 }, { "db": "BID", "id": "102223", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-37694", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201712-744", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-011530", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5385", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-999", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-17-353-04", "trust": 0.6 }, { "db": "IVD", "id": "E2DFCF22-39AB-11E9-9906-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-999" }, { "db": "CNVD", "id": "CNVD-2017-37694" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "CNNVD", "id": "CNNVD-201712-744" }, { "db": "NVD", "id": "CVE-2017-16733" } ] }, "id": "VAR-201712-0122", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-37694" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-37694" } ] }, "last_update_date": "2024-11-23T22:00:47.804000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.integraxor.com/" }, { "title": "Ecava has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" }, { "title": "Patch for Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37694)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/111297" }, { "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77236" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-999" }, { "db": "CNVD", "id": "CNVD-2017-37694" }, { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "CNNVD", "id": "CNNVD-201712-744" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "NVD", "id": "CVE-2017-16733" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03" 
}, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16733" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16733" }, { "trust": 0.6, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-04" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/102223" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-999" }, { "db": "CNVD", "id": "CNVD-2017-37694" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "CNNVD", "id": "CNNVD-201712-744" }, { "db": "NVD", "id": "CVE-2017-16733" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-999" }, { "db": "CNVD", "id": "CNVD-2017-37694" }, { "db": "BID", "id": "102223" }, { "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "db": "CNNVD", "id": "CNNVD-201712-744" }, { "db": "NVD", "id": "CVE-2017-16733" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-21T00:00:00", "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "date": "2017-12-20T00:00:00", "db": "ZDI", "id": "ZDI-17-999" }, { "date": "2017-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-37694" }, { "date": "2017-12-19T00:00:00", "db": "BID", "id": "102223" }, { "date": "2018-01-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "date": "2017-12-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-744" }, { "date": "2017-12-20T19:29:00.317000", "db": "NVD", "id": "CVE-2017-16733" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-20T00:00:00", "db": "ZDI", "id": "ZDI-17-999" }, { "date": 
"2017-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-37694" }, { "date": "2017-12-19T00:00:00", "db": "BID", "id": "102223" }, { "date": "2018-01-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011530" }, { "date": "2017-12-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201712-744" }, { "date": "2024-11-21T03:16:52.363000", "db": "NVD", "id": "CVE-2017-16733" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201712-744" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011530" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201712-744" } ], "trust": 0.8 } }
var-202203-2055
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. The record's only CVSS entry (ZDI, CVSS 3.0) is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a base score of 7.8, and the record carries no patch entry.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2055", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": null, "trust": 0.7, "vendor": "ecava", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-491" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-22-491" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "ZDI-22-491", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-491", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-491" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-491" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-14445", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-491", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-491" } ] }, "id": "VAR-202203-2055", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5752315 }, "last_update_date": "2022-05-17T02:08:52.093000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-491" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "ZDI", "id": "ZDI-22-491" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "ZDI", "id": "ZDI-22-491" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-491" } ], "trust": 0.7 } }
var-201204-0146
Vulnerability from variot
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. Ecava IntegraXor versions prior to 3.71.4200 are vulnerable.
TITLE: IntegraXor Project ActiveX Control Insecure Method
SECUNIA ADVISORY ID: SA48558
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48558
RELEASE DATE: 2012-03-28
DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a user's system.
Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to version 3.71.4200.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Billy Rios and Terry McCorkle.
ORIGINAL ADVISORY: US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0146", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "eq", "trust": 2.5, "vendor": "ecava", "version": "3.60" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.5.3900.5" }, { "model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.6.4000.0" }, { 
"model": "integraxor", "scope": "eq", "trust": 1.6, "vendor": "ecava", "version": "3.5.3900.10" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "3.60.4061" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.60.4032" }, { "model": "integraxor", "scope": "eq", "trust": 0.9, "vendor": "ecava", "version": "3.60.4050" }, { "model": "integraxor", "scope": "lt", "trust": 0.8, "vendor": "ecava", "version": "3.71.4200" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "3.60.4061" }, { "model": "integraxor", "scope": "ne", "trust": 0.3, "vendor": "ecava", "version": "3.71.4200" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.5.3900.5" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.5.3900.10" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.6.4000.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "3.60" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "integraxor", "version": "*" } ], "sources": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1650" }, { "db": "BID", "id": "52763" }, { "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "db": "CNNVD", "id": "CNNVD-201203-535" }, { "db": "NVD", "id": "CVE-2012-0246" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001978" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Billy Rios and Terry McCorkle", "sources": [ { "db": "BID", "id": "52763" } ], "trust": 0.3 }, "cve": "CVE-2012-0246", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2012-0246", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "f9d0942e-2353-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0246", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-0246", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201203-535", "trust": 0.6, 
"value": "CRITICAL" }, { "author": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "db": "CNNVD", "id": "CNNVD-201203-535" }, { "db": "NVD", "id": "CVE-2012-0246" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nExploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. \nEcava IntegraXor versions prior to 3.71.4200 are vulnerable. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Project ActiveX Control Insecure Method\n\nSECUNIA ADVISORY ID:\nSA48558\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48558/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48558/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48558/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nSOLUTION:\nUpdate to version 3.71.4200. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Billy Rios and Terry McCorkle. 
\n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0246" }, { "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "db": "CNVD", "id": "CNVD-2012-1650" }, { "db": "BID", "id": "52763" }, { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "111325" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0246", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-12-083-01", "trust": 3.4 }, { "db": "SECUNIA", "id": "48558", "trust": 1.8 }, { "db": "OSVDB", "id": "80650", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2012-1650", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201203-535", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001978", "trust": 0.8 }, { "db": "BID", "id": "52763", "trust": 0.3 }, { "db": "IVD", "id": "F9D0942E-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "111325", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1650" }, { "db": "BID", "id": "52763" }, { "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "db": "PACKETSTORM", "id": "111325" }, { "db": "CNNVD", "id": "CNNVD-201203-535" }, { "db": "NVD", "id": "CVE-2012-0246" } ] }, "id": "VAR-201204-0146", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" 
}, { "db": "CNVD", "id": "CNVD-2012-1650" } ], "trust": 1.07383092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1650" } ] }, "last_update_date": "2024-11-23T22:18:55.251000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/index.htm" }, { "title": "IntegraXor 3.71 - DOWNLOAD", "trust": 0.8, "url": "http://www.integraxor.com/download.htm" }, { "title": "Ecava IntegraXor \u0027igcom.dll\u0027 directory traversal vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/14973" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-1650" }, { "db": "JVNDB", "id": "JVNDB-2012-001978" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "db": "NVD", "id": "CVE-2012-0246" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdf" }, { "trust": 1.6, "url": "http://secunia.com/advisories/48558" }, { "trust": 
1.0, "url": "http://osvdb.org/80650" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0246" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0246" }, { "trust": 0.6, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdfhttp" }, { "trust": 0.3, "url": "http://www.integraxor.com/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48558/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48558/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-1650" }, { "db": "BID", "id": "52763" }, { "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "db": "PACKETSTORM", "id": "111325" }, { "db": "CNNVD", "id": "CNNVD-201203-535" }, { "db": "NVD", "id": "CVE-2012-0246" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1650" }, { "db": "BID", "id": "52763" }, { "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "db": "PACKETSTORM", "id": "111325" }, { "db": "CNNVD", "id": "CNNVD-201203-535" }, { "db": "NVD", "id": "CVE-2012-0246" } ] }, 
"sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-30T00:00:00", "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "date": "2012-03-30T00:00:00", "db": "CNVD", "id": "CNVD-2012-1650" }, { "date": "2012-03-28T00:00:00", "db": "BID", "id": "52763" }, { "date": "2012-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "date": "2012-03-28T09:00:21", "db": "PACKETSTORM", "id": "111325" }, { "date": "2012-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201203-535" }, { "date": "2012-04-02T10:46:44.263000", "db": "NVD", "id": "CVE-2012-0246" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-30T00:00:00", "db": "CNVD", "id": "CNVD-2012-1650" }, { "date": "2012-08-17T12:20:00", "db": "BID", "id": "52763" }, { "date": "2012-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001978" }, { "date": "2012-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201203-535" }, { "date": "2024-11-21T01:34:39.350000", "db": "NVD", "id": "CVE-2012-0246" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201203-535" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor \u0027igcom.dll\u0027 Directory Traversal Vulnerability", "sources": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1650" }, { "db": "BID", "id": "52763" } ], "trust": 1.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "f9d0942e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201203-535" } ], "trust": 0.8 } }
var-201409-0185
Vulnerability from variot
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. The Ecava IntegraXor SCADA server contains a vulnerability where a full path name can be obtained. A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is essentially HMI/SCADA functionality added on top of a standard web server. An information disclosure vulnerability exists in Ecava IntegraXor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0185", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4392" }, { "model": "integraxor", "scope": "lte", "trust": 1.0, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "lte", "trust": 0.8, "vendor": 
"ecava", "version": "beta 4.1.4392" }, { "model": "integraxor", "scope": "lte", "trust": 0.8, "vendor": "ecava", "version": "stable 4.1.4360" }, { "model": "integraxor scada server", "scope": "lte", "trust": 0.6, "vendor": "ecava", "version": "\u003c=4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4360" }, { "model": "integraxor", "scope": "eq", "trust": 0.6, "vendor": "ecava", "version": "4.1.4392" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "integraxor", "version": "*" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4392" }, { "model": "integraxor scada server", "scope": "eq", "trust": 0.3, "vendor": "ecava", "version": "4.1.4360" } ], "sources": [ { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05986" }, { "db": "BID", "id": "69774" }, { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "CNNVD", "id": "CNNVD-201409-518" }, { "db": "NVD", "id": "CVE-2014-2377" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ecava:integraxor", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004167" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alain Homewood", "sources": [ { "db": "BID", "id": "69774" } ], "trust": 0.3 }, "cve": "CVE-2014-2377", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2377", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05986", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "28ebce7e-2352-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2377", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-2377", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05986", "trust": 0.6, "value": 
"MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201409-518", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05986" }, { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "CNNVD", "id": "CNNVD-201409-518" }, { "db": "NVD", "id": "CVE-2014-2377" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. 
Information obtained may lead to further attacks", "sources": [ { "db": "NVD", "id": "CVE-2014-2377" }, { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "CNVD", "id": "CNVD-2014-05986" }, { "db": "BID", "id": "69774" }, { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2377", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-14-224-01", "trust": 2.7 }, { "db": "BID", "id": "69774", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05986", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201409-518", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004167", "trust": 0.8 }, { "db": "IVD", "id": "28EBCE7E-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05986" }, { "db": "BID", "id": "69774" }, { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "CNNVD", "id": "CNNVD-201409-518" }, { "db": "NVD", "id": "CVE-2014-2377" } ] }, "id": "VAR-201409-0185", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05986" } ], "trust": 1.0713851600000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { 
"db": "CNVD", "id": "CNVD-2014-05986" } ] }, "last_update_date": "2024-11-23T21:55:20.717000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.integraxor.com/" }, { "title": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/50102" }, { "title": "igsetup-4.2.4470", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51664" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05986" }, { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "CNNVD", "id": "CNNVD-201409-518" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "NVD", "id": "CVE-2014-2377" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2377" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2377" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/69774" }, { "trust": 0.3, "url": "http://www.integraxor.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05986" }, { "db": "BID", "id": "69774" }, { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "CNNVD", "id": "CNNVD-201409-518" }, { "db": "NVD", 
"id": "CVE-2014-2377" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05986" }, { "db": "BID", "id": "69774" }, { "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "db": "CNNVD", "id": "CNNVD-201409-518" }, { "db": "NVD", "id": "CVE-2014-2377" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-18T00:00:00", "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-09-18T00:00:00", "db": "CNVD", "id": "CNVD-2014-05986" }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69774" }, { "date": "2014-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "date": "2014-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-518" }, { "date": "2014-09-15T14:55:11.197000", "db": "NVD", "id": "CVE-2014-2377" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-18T00:00:00", "db": "CNVD", "id": "CNVD-2014-05986" }, { "date": "2014-09-11T00:00:00", "db": "BID", "id": "69774" }, { "date": "2014-09-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004167" }, { "date": "2014-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-518" }, { "date": "2024-11-21T02:06:10.507000", "db": "NVD", "id": "CVE-2014-2377" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-518" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability", "sources": [ { "db": "IVD", "id": "28ebce7e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05986" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-518" } ], "trust": 0.6 } }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors." }, { "lang": "es", "value": "Ecava IntegraXor en versiones anteriores a 5.0 build 4522 permite a atacantes remotos obtener informaci\u00f3n sensible leyendo mensajes de error detallados." } ], "id": "CVE-2016-2300", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:01.370", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99164 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.tenable.com/security/research/tra-2017-24 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99164 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2017-24 |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC3AD6FB-EA14-4FBF-8CBB-A9DA6ECC3E5C", "versionEndIncluding": "5.2.1231.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries." }, { "lang": "es", "value": "Se ha descubierto un problema de inyecci\u00f3n SQL en Ecava IntegraXor en versiones 5.2.1231.0 y anteriores. La aplicaci\u00f3n fracasa a la hora de validar correctamente entradas de usuario, lo que podr\u00eda permitir que un atacante no autenticado ejecute de forma remota c\u00f3digo arbitrario en forma de consultas SQL." } ], "id": "CVE-2017-6050", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, 
"exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-21T19:29:00.337", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.securityfocus.com/bid/99164" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.tenable.com/security/research/tra-2017-24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.securityfocus.com/bid/99164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/research/tra-2017-24" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E950E11-0F45-4511-8E94-FA2575BE48F4", "versionEndIncluding": "4.1.4360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*", "matchCriteriaId": "0858BD1B-7614-4864-A1A4-A3F6AA012068", "versionEndIncluding": "4.1.4392", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag." }, { "lang": "es", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 y anteriores y Beta 4.1.4392 y anteriores permite a atacantes remotos descubrir nombres de rutas completas a trav\u00e9s de un tag de aplicaci\u00f3n." } ], "id": "CVE-2014-2377", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-15T14:55:11.197", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * (up to and including 4.2.4502) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Ecava IntegraXor en versiones anteriores a 5.0 build 4522 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2016-2301", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:02.637", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * (up to and including 3.60.4061) | |
ecava | integraxor | 3.5.3900.5 | |
ecava | integraxor | 3.5.3900.10 | |
ecava | integraxor | 3.6.4000.0 | |
ecava | integraxor | 3.60 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FA7AB75-A8CB-4568-BD4F-8F77E1EC7EAE", "versionEndIncluding": "3.60.4061", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*", "matchCriteriaId": "024F3AE4-4912-4C4C-859E-3CC832123394", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E4BEE8F-B1FC-47E0-BF7F-3247A29CCBFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0EB4452-4772-4CA9-A119-A8DFE183CB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.60:*:*:*:*:*:*:*", "matchCriteriaId": "819964C6-6562-4186-B02F-D275385DED0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en un control ActiveX no determinado en Ecava IntegraXor anterior a v3.71.4200, permite a atacantes remotos ejecutar comandos al utilizar vectores que implican un documento HTML en el servidor." 
} ], "id": "CVE-2012-0246", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-02T10:46:44.263", "references": [ { "source": "cret@cert.org", "url": "http://osvdb.org/80650" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48558" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf" }, { "source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/80650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | Patch, Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*", "matchCriteriaId": "0858BD1B-7614-4864-A1A4-A3F6AA012068", "versionEndIncluding": "4.1.4392", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E950E11-0F45-4511-8E94-FA2575BE48F4", "versionEndIncluding": "4.1.4360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Ecava IntegraXor SCADA Server Stable 4.1.4360 y anteriores y Beta 4.1.4392 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2014-2376", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-15T14:55:11.150", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * (up to and including 4.2.4502) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Ecava IntegraXor en versiones anteriores a 5.0 build 4522 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2016-2299", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:00.120", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-236" }, { "source": 
"ics-cert@hq.dhs.gov", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-237" }, { "source": "ics-cert@hq.dhs.gov", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-238" }, { "source": "ics-cert@hq.dhs.gov", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-239" }, { "source": "ics-cert@hq.dhs.gov", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-240" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-237" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/95907 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02 | Mitigation, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95907 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02 | Mitigation, Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | 5.0.413.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:5.0.413.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1799D06-1DD1-4565-B1A0-6504D705D475", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host\u0027s database could be subject to read, write, and delete commands." }, { "lang": "es", "value": "Ha sido descubierto un problema en Ecava IntegraXor Versi\u00f3n 5.0.413.0. El servidor web Ecava IntegraXor tiene par\u00e1metros que son vulnerables a la inyecci\u00f3n de SQL. Si las consultas no se desinfectan, la base de datos del host podr\u00eda estar sujeta a comandos de lectura, escritura y borrado." } ], "id": "CVE-2016-8341", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-13T21:59:00.597", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95907" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * (up to and including 4.2.4502) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network." }, { "lang": "es", "value": "El servidor web HMI en Ecava IntegraXor en versiones anteriores a 5.0 build 4522 permite a atacantes remotos obtener informaci\u00f3n sensible en texto plano husmeando la red." } ], "id": "CVE-2016-2306", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:07.447", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | Patch, Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E950E11-0F45-4511-8E94-FA2575BE48F4", "versionEndIncluding": "4.1.4360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*", "matchCriteriaId": "0858BD1B-7614-4864-A1A4-A3F6AA012068", "versionEndIncluding": "4.1.4392", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature." }, { "lang": "es", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 y anteriores y Beta 4.1.4392 y anteriores permite a atacantes remotos leer o escribir ficheros arbitrarios y obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (consumo de disco), a trav\u00e9s de la caracter\u00edstica de exportar CSV." 
} ], "id": "CVE-2014-2375", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-15T14:55:11.103", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf | US Government Resource | |
ics-cert@hq.dhs.gov | http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * (up to and including 4.00) | |
ecava | integraxor | 3.71 | |
ecava | integraxor | 3.72 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "33EE8B5E-3361-4E2A-8F97-64CB5EC75BBA", "versionEndIncluding": "4.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*", "matchCriteriaId": "8C338B7E-B958-4ED4-AF3C-B64A72CA01A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*", "matchCriteriaId": "C4717F90-420C-40C1-B465-2052F5F5D8F7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en un control ActiveX en PE3DO32A.ocx en IntegraXor SCADA Server v4.00 build 4250.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero HTML manipulado." 
} ], "id": "CVE-2012-4700", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-08T05:50:40.767", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * (up to and including 6.1.1030.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FBF440-3FE4-4155-90BA-6891D1D9BD17", "versionEndIncluding": "6.1.1030.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log." }, { "lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en Ecava IntegraXor en versiones 6.1.1030.1 y anteriores. Se ha identificado la vulnerabilidad de inyecci\u00f3n SQL, la cual genera un error en el registro de la base de datos." } ], "id": "CVE-2017-16735", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-20T19:29:00.350", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": 
[ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | 3.5.3900.5 | |
ecava | integraxor | 3.5.3900.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCBC2459-FA30-4456-9CE2-FFCFDFBBF0FC", "versionEndIncluding": "3.6.4000.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*", "matchCriteriaId": "024F3AE4-4912-4C4C-859E-3CC832123394", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E4BEE8F-B1FC-47E0-BF7F-3247A29CCBFF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en Ecava IntegraXor v3.6.4000.0 y anteriores permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de los caracteres .. (punto punto) en el par\u00e1metro file_name en una peticion open. 
\r\n\r\n" } ], "id": "CVE-2010-4598", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-23T18:00:03.977", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aluigi.org/adv/integraxor_1-adv.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/42730" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/15802" }, { "source": "cve@mitre.org", "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/979776" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/45535" }, { "source": "cve@mitre.org", "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aluigi.org/adv/integraxor_1-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/15802" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/979776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/45535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3304" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Ecava IntegraXor en versiones anteriores a 5.0 build 4522 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2016-2305", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:06.433", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US 
Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | 3.5.3900.5 | |
ecava | integraxor | 3.5.3900.10 | |
ecava | integraxor | 3.6.4000.0 | |
ecava | integraxor | 3.60.4061 | |
ecava | integraxor | 3.71 | |
ecava | integraxor | 3.71.4200 | |
ecava | integraxor | 3.72 | |
ecava | integraxor | 4.00 | |
ecava | integraxor | 4.1 | |
ecava | integraxor | 4.1.4360 | |
ecava | integraxor | 4.1.4369 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4C53150-2600-425B-BACB-51111E97664F", "versionEndIncluding": "4.1.4380", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*", "matchCriteriaId": "024F3AE4-4912-4C4C-859E-3CC832123394", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E4BEE8F-B1FC-47E0-BF7F-3247A29CCBFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0EB4452-4772-4CA9-A119-A8DFE183CB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*", "matchCriteriaId": "66CE22B5-F6B1-4CA5-8975-A0DEA0272E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*", "matchCriteriaId": "8C338B7E-B958-4ED4-AF3C-B64A72CA01A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*", "matchCriteriaId": "B6BE9299-0D5D-4FDF-8E5C-17EBB3E3D895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*", "matchCriteriaId": "C4717F90-420C-40C1-B465-2052F5F5D8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*", "matchCriteriaId": "04D6E69A-AE18-4B23-95CA-85C605E5F23B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C254168-384E-4B0A-BB22-445D7281FAC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*", "matchCriteriaId": "B0319EBA-C39F-4A3D-AF40-7A90FA016696", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*", "matchCriteriaId": "5EA3EDD6-3459-4916-B184-271A43FAC10A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the SCADA server 
in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el servidor SCADA en Ecava IntegraXor anterior a 4.1.4390, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante la activaci\u00f3n de acceso al c\u00f3digo DLL ubicado en el directorio IntegraXor." } ], "id": "CVE-2014-0753", "lastModified": "2025-08-26T00:15:29.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-21T01:55:03.620", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://osvdb.org/102171" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" }, { "source": 
"ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-016-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02 | Patch, Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D69DAF97-E07C-43FF-8972-1E70E464A26C", "versionEndIncluding": "4.1.4450", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory." }, { "lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Ecava IntegraXor SCADA Server anterior a 4.2.4488 permite a usuarios locales ganar privilegios a trav\u00e9s de un DLL renombrado en el directorio de las instalaciones por defecto." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/426.html\"\u003eCWE-426: Untrusted Search Path\u003c/a\u003e", "id": "CVE-2015-0990", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-04-03T10:59:12.227", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02" } ], 
"sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | 3.5.3900.5 | |
ecava | integraxor | 3.5.3900.10 | |
ecava | integraxor | 3.6.4000.0 | |
ecava | integraxor | 3.60.4061 | |
ecava | integraxor | 3.71 | |
ecava | integraxor | 3.71.4200 | |
ecava | integraxor | 3.72 | |
ecava | integraxor | 4.00 | |
ecava | integraxor | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E950E11-0F45-4511-8E94-FA2575BE48F4", "versionEndIncluding": "4.1.4360", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*", "matchCriteriaId": "024F3AE4-4912-4C4C-859E-3CC832123394", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E4BEE8F-B1FC-47E0-BF7F-3247A29CCBFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0EB4452-4772-4CA9-A119-A8DFE183CB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*", "matchCriteriaId": "66CE22B5-F6B1-4CA5-8975-A0DEA0272E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*", "matchCriteriaId": "8C338B7E-B958-4ED4-AF3C-B64A72CA01A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*", "matchCriteriaId": "B6BE9299-0D5D-4FDF-8E5C-17EBB3E3D895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*", "matchCriteriaId": "C4717F90-420C-40C1-B465-2052F5F5D8F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*", "matchCriteriaId": "04D6E69A-AE18-4B23-95CA-85C605E5F23B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C254168-384E-4B0A-BB22-445D7281FAC8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL." 
}, { "lang": "es", "value": "El servidor SCADA en Ecava IntegraXor anteriores a 4.1.4369 permite a atacantes remotos leer archivos de backup de proyecto de forma arbitraria a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2014-0752", "lastModified": "2025-08-22T23:15:30.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-09T18:07:26.597", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-008-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.integraxor.com/blog/category/security/vulnerability-note/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-529" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | 4.1 | |
ecava | integraxor | 4.1.4340 | |
ecava | integraxor | 4.1.4360 | |
ecava | integraxor | 4.1.4369 | |
ecava | integraxor | 4.1.4380 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "40E2214C-80FC-4973-BF67-1ECFC1C5D303", "versionEndIncluding": "4.1.4390", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C254168-384E-4B0A-BB22-445D7281FAC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1.4340:*:*:*:*:*:*:*", "matchCriteriaId": "E1223B72-A344-450E-8E10-1B704DF894BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*", "matchCriteriaId": "B0319EBA-C39F-4A3D-AF40-7A90FA016696", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*", "matchCriteriaId": "5EA3EDD6-3459-4916-B184-271A43FAC10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:4.1.4380:*:*:*:*:*:*:*", "matchCriteriaId": "C4C3DBE0-50B6-4A39-9FA5-878951AD855E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role." }, { "lang": "es", "value": "Ecava IntegraXor anterior a 4.1.4393 permite a atacantes remotos leer credenciales en texto plano para cuentas administrativas a trav\u00e9s de declaraciones SELECT que aprovechan el rol de invitado." 
} ], "id": "CVE-2014-0786", "lastModified": "2025-09-25T18:15:35.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-01T01:56:10.490", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-091-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" } ], 
"sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | 3.6.4000.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0EB4452-4772-4CA9-A119-A8DFE183CB87", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Ecava IntegraXor v3.6.4000.0 permite a usuarios locales obtener privilegios a trav\u00e9s del troyano dwmapi.dll en el directorio corriente de trabajo. NOTA: el origen de esta informaci\u00f3n es desconocidos. Algunos detalles han sido obtenidos \u00fanicamente de terceras personas." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027", "id": "CVE-2010-4599", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-12-23T18:00:04.027", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/42734" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45549" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45549" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * | |
ecava | integraxor | 3.5.3900.5 | |
ecava | integraxor | 3.5.3900.10 | |
ecava | integraxor | 3.6.4000.0 | |
ecava | integraxor | 3.60 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FA7AB75-A8CB-4568-BD4F-8F77E1EC7EAE", "versionEndIncluding": "3.60.4061", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*", "matchCriteriaId": "024F3AE4-4912-4C4C-859E-3CC832123394", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E4BEE8F-B1FC-47E0-BF7F-3247A29CCBFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0EB4452-4772-4CA9-A119-A8DFE183CB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ecava:integraxor:3.60:*:*:*:*:*:*:*", "matchCriteriaId": "819964C6-6562-4186-B02F-D275385DED0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Ecava IntegraXor anterior a v3.60 (Build 4080), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2011-2958", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-28T18:55:04.237", "references": [ { "source": "cve@mitre.org", "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie." }, { "lang": "es", "value": "Ecava IntegraXor en versiones anteriores a 5.0 build 4522 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de sesi\u00f3n, lo que facilita a atacantes remotos obtener informaci\u00f3n potencialmente sensible a trav\u00e9s del acceso con secuencias de comandos a esta cookie." } ], "id": "CVE-2016-2304", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:05.447", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B12B7DF-7978-4188-9F07-9AA8A345911E", "versionEndIncluding": "3.60", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor HMI before 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate." }, { "lang": "es", "value": "Ecava IntegraXor HMI antes de v3.60 (Build 4032) permite a atacantes remotos evitar la autenticaci\u00f3n y ejecutar comandos SQL a trav\u00e9s de vectores no especificados relacionados con una solicitud POST manipulada. NOTA: algunas fuentes han informado de este problema como la inyecci\u00f3n SQL, pero esto podr\u00eda no ser exacta." } ], "id": "CVE-2011-1562", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-05T15:19:35.587", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/44105" }, { "source": "cve@mitre.org", "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296" }, { "source": "cve@mitre.org", "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47019" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0761" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en Ecava IntegraXor en versiones anteriores a 5.0 build 4522 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separaci\u00f3n de respuesta HTTP a trav\u00e9s de una URL manipulada." } ], "evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/93.html\"\u003eCWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e", "id": "CVE-2016-2303", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, 
"exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:04.540", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FBF440-3FE4-4155-90BA-6891D1D9BD17", "versionEndIncluding": "6.1.1030.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database." }, { "lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en Ecava IntegraXor en versiones 6.1.1030.1 y anteriores. Se ha identificado la vulnerabilidad de inyecci\u00f3n SQL que puede permitir que un atacante revele informaci\u00f3n sensible desde la base de datos." } ], "id": "CVE-2017-16733", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2017-12-20T19:29:00.317", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D424890D-12BF-4C07-85C3-681610EF9FD9", "versionEndIncluding": "3.5.3900.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo save en el control ActiveX IntegraXor.Project ActiveX en igcomm.dll en Ecava IntegraXor Human-Machine Interface (HMI) anterior v3.5.3900.10 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en el segundo argumento. \r\n\r\n" } ], "id": "CVE-2010-4597", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-23T18:00:03.823", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/42650" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/15767" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/603928" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/45487" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/15767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/603928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/45487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3275" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
ecava | integraxor | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57ED23C-1807-472A-905C-69F80A009A89", "versionEndIncluding": "4.2.4502", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages." }, { "lang": "es", "value": "Ecava IntegraXor en versiones anteriores a 5.0 build 4522 permite a atacantes remotos obtener informaci\u00f3n sensible leyendo mensajes de error detallados." } ], "id": "CVE-2016-2302", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T00:59:03.620", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-2376 (GCVE-0-2014-2376)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-15T13:57:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2376", "datePublished": "2014-09-15T14:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0990 (GCVE-0-2015-0990)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:26:11.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-03T10:57:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2015-0990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2015-0990", "datePublished": "2015-04-03T10:00:00", "dateReserved": "2015-01-10T00:00:00", "dateUpdated": "2024-08-06T04:26:11.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0786 (GCVE-0-2014-0786)
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
Ecava | IntegraXor |
Version: 0 < 4.1.4410 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:19.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "IntegraXor", "vendor": "Ecava", "versions": [ { "lessThan": "4.1.4410", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Andrea Micalizzi" } ], "datePublic": "2014-04-29T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eEcava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.\u003c/p\u003e" } ], "value": "Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role." 
} ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-25T17:32:40.076Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-091-01" }, { "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA customer notification from Ecava has been issued that details this vulnerability and provides mitigation guidance to its customers. Ecava recommends users download and install the update, IntegraXor SCADA Server 4.1.4410, from their support web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/igsetup.msi?4.1.4410\"\u003ehttp://www.integraxor.com/download/igsetup.msi?4.1.4410\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information, please see Ecava\u2019s vulnerability note:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/blog/category/security/vulnerability-note/\"\u003ehttp://www.integraxor.com/blog/category/security/vulnerability-note/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "A customer notification from Ecava has been issued that details this vulnerability and provides mitigation guidance to its customers. 
Ecava recommends users download and install the update, IntegraXor SCADA Server 4.1.4410, from their support web site:\u00a0 http://www.integraxor.com/download/igsetup.msi?4.1.4410 \n\nFor additional information, please see Ecava\u2019s vulnerability note:\u00a0 http://www.integraxor.com/blog/category/security/vulnerability-note/" } ], "source": { "advisory": "ICSA-14-091-01", "discovery": "EXTERNAL" }, "title": "Ecava IntegraXor Information Exposure", "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.integraxor.com/blog/category/security/vulnerability-note/", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0786", "datePublished": "2014-05-01T01:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-09-25T17:32:40.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2375 (GCVE-0-2014-2375)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-15T13:57:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2375", "datePublished": "2014-09-15T14:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2300 (GCVE-0-2016-2300)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-22T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2300", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4598 (GCVE-0-2010-4598)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
http://www.securityfocus.com/bid/45535 | vdb-entry, x_refsource_BID |
http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note | x_refsource_CONFIRM |
http://www.exploit-db.com/exploits/15802 | exploit, x_refsource_EXPLOIT-DB |
http://www.vupen.com/english/advisories/2010/3304 | vdb-entry, x_refsource_VUPEN |
http://secunia.com/advisories/42730 | third-party-advisory, x_refsource_SECUNIA |
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf | x_refsource_MISC |
http://www.kb.cert.org/vuls/id/979776 | third-party-advisory, x_refsource_CERT-VN |
http://aluigi.org/adv/integraxor_1-adv.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45535", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45535" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" }, { "name": "15802", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/15802" }, { "name": "ADV-2010-3304", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3304" }, { "name": "42730", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42730" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf" }, { "name": "VU#979776", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/979776" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/adv/integraxor_1-adv.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-01-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "45535", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45535" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" }, { "name": "15802", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/15802" }, { "name": "ADV-2010-3304", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3304" }, { "name": "42730", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42730" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf" }, { "name": "VU#979776", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/979776" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.org/adv/integraxor_1-adv.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4598", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45535", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45535" }, { "name": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note" }, { "name": "15802", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/15802" }, { "name": "ADV-2010-3304", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3304" }, { "name": "42730", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42730" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf" }, { "name": "VU#979776", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/979776" }, { "name": "http://aluigi.org/adv/integraxor_1-adv.txt", "refsource": "MISC", "url": "http://aluigi.org/adv/integraxor_1-adv.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4598", "datePublished": "2010-12-23T17:00:00", "dateReserved": "2010-12-23T00:00:00", "dateUpdated": "2024-08-07T03:51:17.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2306 (GCVE-0-2016-2306)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-22T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2306", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2306", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2377 (GCVE-0-2014-2377)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-09-15T13:57:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2377", "datePublished": "2014-09-15T14:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0753 (GCVE-0-2014-0753)
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://osvdb.org/102171 | vdb-entry, x_refsource_OSVDB |
http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/ | x_refsource_CONFIRM |
https://www.cisa.gov/news-events/ics-advisories/icsa-14-016-01 | |
Vendor | Product | Version |
---|---|---|
Ecava | IntegraXor | Version: 0 through 4.1.4380 (affected) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:19.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102171", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102171" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "IntegraXor", "vendor": "Ecava", "versions": [ { "lessThanOrEqual": "4.1.4380", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Luigi Auriemma" } ], "datePublic": "2014-01-15T07:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eStack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.\u003c/p\u003e" } ], "value": "Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory." 
} ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-25T23:46:30.088Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "102171", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102171" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-016-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eEcava Sdn Bhd has issued a customer notification that details this \nvulnerability and provides mitigation guidance to its customers. 
Ecava \nSdn Bhd recommends users download and install the update, IntegraXor \nSCADA Server 4.1.4390, from their support Web site:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.1.4390\"\u003ehttp://www.integraxor.com/download/rc.msi?4.1.4390\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information, please see Ecava\u2019s vulnerability note:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/\"\u003ehttp://www.integraxor.com/blog/buffer-overflow-vulnerability-note/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "Ecava Sdn Bhd has issued a customer notification that details this \nvulnerability and provides mitigation guidance to its customers. Ecava \nSdn Bhd recommends users download and install the update, IntegraXor \nSCADA Server 4.1.4390, from their support Web site:\n\n\n http://www.integraxor.com/download/rc.msi?4.1.4390 \n\nFor additional information, please see Ecava\u2019s vulnerability note:\n\n\n http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" } ], "source": { "advisory": "ICSA-14-016-01", "discovery": "EXTERNAL" }, "title": "Ecava IntegraXor Stack-based Buffer Overflow", "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code 
located in the IntegraXor directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102171", "refsource": "OSVDB", "url": "http://osvdb.org/102171" }, { "name": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" }, { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0753", "datePublished": "2014-01-21T01:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-08-25T23:46:30.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4599 (GCVE-0-2010-4599)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
http://www.securityfocus.com/bid/45549 | vdb-entry, x_refsource_BID |
http://secunia.com/advisories/42734 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45549", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45549" }, { "name": "42734", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42734" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-01-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "45549", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45549" }, { "name": "42734", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42734" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4599", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 
allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45549", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45549" }, { "name": "42734", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42734" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4599", "datePublished": "2010-12-23T17:00:00", "dateReserved": "2010-12-23T00:00:00", "dateUpdated": "2024-08-07T03:51:17.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2299 (GCVE-0-2016-2299)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
http://www.zerodayinitiative.com/advisories/ZDI-16-236 | x_refsource_MISC |
http://www.zerodayinitiative.com/advisories/ZDI-16-238 | x_refsource_MISC |
http://www.zerodayinitiative.com/advisories/ZDI-16-237 | x_refsource_MISC |
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
http://www.zerodayinitiative.com/advisories/ZDI-16-239 | x_refsource_MISC |
http://www.zerodayinitiative.com/advisories/ZDI-16-240 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.877Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-236" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-238" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-237" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-239" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-240" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-236" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-238" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-237" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-239" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-240" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-236", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-236" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-238", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-238" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-237", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-237" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-239", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-239" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-240", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-240" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2299", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2958 (GCVE-0-2011-2958)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/68896 | vdb-entry, x_refsource_XF |
http://www.integraxor.com/blog/security-issue-xss-vulnerability-note | x_refsource_CONFIRM |
http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:15:32.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "integraxor-unspecified-xss(68896)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "integraxor-unspecified-xss(68896)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "integraxor-unspecified-xss(68896)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896" }, { "name": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2958", "datePublished": "2011-07-28T18:00:00", "dateReserved": "2011-07-28T00:00:00", "dateUpdated": "2024-08-06T23:15:32.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0752 (GCVE-0-2014-0752)
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Ecava | IntegraXor | Version: 0 through 4.1.4360 (affected) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:19.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "IntegraXor", "vendor": "Ecava", "versions": [ { "lessThanOrEqual": "4.1.4360", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Zero Day Initiative" } ], "datePublic": "2013-12-21T07:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.\u003c/p\u003e" } ], "value": "The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL." 
} ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-529", "description": "CWE-529", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-22T22:53:01.252Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-008-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eEcava Sdn Bhd has issued a customer notification that details this \nvulnerability and provides mitigations to its customers. Ecava Sdn Bhd \nrecommends users download and install the update, IntegraXor SCADA \nServer 4.1.4369, from their support Web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/beta.msi?4.1.4369\"\u003ehttp://www.integraxor.com/download/beta.msi?4.1.4369\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information, please see Ecava\u2019s vulnerability note:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/blog/category/security/vulnerability-note/\"\u003ehttp://www.integraxor.com/blog/category/security/vulnerability-note/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "Ecava Sdn Bhd has issued a customer notification that details this \nvulnerability and provides mitigations to its customers. 
Ecava Sdn Bhd \nrecommends users download and install the update, IntegraXor SCADA \nServer 4.1.4369, from their support Web site:\u00a0 http://www.integraxor.com/download/beta.msi?4.1.4369 \n\nFor additional information, please see Ecava\u2019s vulnerability note:\u00a0 http://www.integraxor.com/blog/category/security/vulnerability-note/" } ], "source": { "advisory": "ICSA-14-008-01", "discovery": "EXTERNAL" }, "title": "Ecava IntegraXor Exposure of Access Control List Files to an Unauthorized Control Sphere", "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.integraxor.com/blog/category/security/vulnerability-note/", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/" }, { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0752", "datePublished": "2014-01-09T11:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-08-22T22:53:01.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6050 (GCVE-0-2017-6050)
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/99164 | vdb-entry, x_refsource_BID |
| https://www.tenable.com/security/research/tra-2017-24 | x_refsource_MISC |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| n/a | Ecava IntegraXor | Version: Ecava IntegraXor |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:18:49.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99164", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99164" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2017-24" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ecava IntegraXor", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Ecava IntegraXor" } ] } ], "datePublic": "2017-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-07T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "99164", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99164" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2017-24" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-6050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ecava IntegraXor", "version": { "version_data": [ { "version_value": "Ecava IntegraXor" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "99164", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99164" }, { "name": "https://www.tenable.com/security/research/tra-2017-24", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-24" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6050", "datePublished": "2017-06-21T19:00:00", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2024-08-05T15:18:49.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4597 (GCVE-0-2010-4597)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf | x_refsource_MISC |
| http://secunia.com/advisories/42650 | third-party-advisory, x_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/603928 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securityfocus.com/bid/45487 | vdb-entry, x_refsource_BID |
| http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15767 | exploit, x_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2010/3275 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf" }, { "name": "42650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42650" }, { "name": "VU#603928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/603928" }, { "name": "45487", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45487" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note" }, { "name": "15767", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/15767" }, { "name": "ADV-2010-3275", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3275" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-01-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf" }, { "name": "42650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42650" }, { "name": "VU#603928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/603928" }, { "name": "45487", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45487" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note" }, { "name": "15767", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/15767" }, { "name": "ADV-2010-3275", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3275" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf" }, { "name": "42650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42650" }, { "name": "VU#603928", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/603928" }, { "name": "45487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45487" }, { "name": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note", "refsource": "MISC", "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note" }, { "name": "15767", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/15767" }, { "name": "ADV-2010-3275", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3275" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4597", "datePublished": "2010-12-23T17:00:00", "dateReserved": "2010-12-23T00:00:00", "dateUpdated": "2024-08-07T03:51:17.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2302 (GCVE-0-2016-2302)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-22T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2302", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0246 (GCVE-0-2012-0246)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/48558 | third-party-advisory, x_refsource_SECUNIA |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74388 | vdb-entry, x_refsource_XF |
| http://osvdb.org/80650 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:20.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48558", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48558" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf" }, { "name": "integraxor-activex-directory-traversal(74388)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388" }, { "name": "80650", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/80650" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "48558", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48558" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf" }, { "name": "integraxor-activex-directory-traversal(74388)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388" }, { "name": "80650", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/80650" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-0246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "48558", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48558" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf" }, { "name": "integraxor-activex-directory-traversal(74388)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388" }, { "name": "80650", "refsource": "OSVDB", "url": "http://osvdb.org/80650" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-0246", "datePublished": "2012-04-02T10:00:00", "dateReserved": "2011-12-21T00:00:00", "dateUpdated": "2024-08-06T18:16:20.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-8341 (GCVE-0-2016-8341)
Vulnerability from cvelistv5
- Ecava IntegraXor SQL injection
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95907 | vdb-entry, x_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| n/a | Ecava IntegraXor 5.0.413.0 | Version: Ecava IntegraXor 5.0.413.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:30.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95907", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95907" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ecava IntegraXor 5.0.413.0", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Ecava IntegraXor 5.0.413.0" } ] } ], "datePublic": "2017-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host\u0027s database could be subject to read, write, and delete commands." } ], "problemTypes": [ { "descriptions": [ { "description": "Ecava IntegraXor SQL injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "95907", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95907" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-8341", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ecava IntegraXor 5.0.413.0", "version": { "version_data": [ { "version_value": "Ecava IntegraXor 5.0.413.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was 
discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host\u0027s database could be subject to read, write, and delete commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Ecava IntegraXor SQL injection" } ] } ] }, "references": { "reference_data": [ { "name": "95907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95907" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-8341", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2024-08-06T02:20:30.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2301 (GCVE-0-2016-2301)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-22T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2301", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4700 (GCVE-0-2012-4700)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf | x_refsource_MISC |
| http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:42:54.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-08T02:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-4700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted 
HTML document." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf" }, { "name": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-4700", "datePublished": "2013-02-08T02:00:00Z", "dateReserved": "2012-08-28T00:00:00Z", "dateUpdated": "2024-09-16T23:01:22.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2305 (GCVE-0-2016-2305)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-22T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2305", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2305", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2303 (GCVE-0-2016-2303)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.697Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-22T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2303", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.697Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-16735 (GCVE-0-2017-16735)
Vulnerability from cvelistv5
- SQL Injection
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| n/a | Ecava IntegraXor | Version: Ecava IntegraXor |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ecava IntegraXor", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Ecava IntegraXor" } ] } ], "datePublic": "2017-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-20T19:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ecava IntegraXor", "version": { "version_data": [ { "version_value": "Ecava IntegraXor" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16735", "datePublished": "2017-12-20T19:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2304 (GCVE-0-2016-2304)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-22T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2304", "datePublished": "2016-04-22T00:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1562 (GCVE-0-2011-1562)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/44105 | third-party-advisory, x_refsource_SECUNIA |
| http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf | x_refsource_MISC |
| http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/47019 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2011/0761 | vdb-entry, x_refsource_VUPEN |
| http://twitter.com/#%21/djrbliss/status/50685527749431296 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66306 | vdb-entry, x_refsource_XF |
| http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44105" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note" }, { "name": "47019", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47019" }, { "name": "ADV-2011-0761", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0761" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296" }, { "name": "integraxor-unspecified-sql-injection(66306)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "44105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44105" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note" }, { "name": "47019", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47019" }, { "name": "ADV-2011-0761", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0761" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296" }, { "name": "integraxor-unspecified-sql-injection(66306)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1562", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. 
NOTE: some sources have reported this issue as SQL injection, but this might not be accurate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "44105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44105" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf" }, { "name": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note" }, { "name": "47019", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47019" }, { "name": "ADV-2011-0761", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0761" }, { "name": "http://twitter.com/#!/djrbliss/status/50685527749431296", "refsource": "MISC", "url": "http://twitter.com/#!/djrbliss/status/50685527749431296" }, { "name": "integraxor-unspecified-sql-injection(66306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306" }, { "name": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1562", "datePublished": "2011-04-05T15:00:00", "dateReserved": "2011-04-05T00:00:00", "dateUpdated": "2024-08-06T22:28:41.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-16733 (GCVE-0-2017-16733)
Vulnerability from cvelistv5
- SQL Injection
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| n/a | Ecava IntegraXor | Version: Ecava IntegraXor |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ecava IntegraXor", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Ecava IntegraXor" } ] } ], "datePublic": "2017-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-20T19:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ecava IntegraXor", "version": { "version_data": [ { "version_value": "Ecava IntegraXor" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16733", "datePublished": "2017-12-20T19:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }