cnvd-2016-02332
Vulnerability from cnvd
Title
Ecava IntegraXor传输未加密漏洞
Description
Ecava IntegraXor是一套基于Web的用于创建和运行SCADA系统的HMI界面的工具。 Ecava IntegraXor 5.0 build 4522之前版本中存在传输未加密漏洞,该漏洞源于HMI Web服务器传输未加密的数据。远程攻击者可利用该漏洞获取受影响系统的完全访问权限。
Severity
Patch Name
Ecava IntegraXor传输未加密漏洞的补丁
Patch Description
Ecava IntegraXor是一套基于Web的用于创建和运行SCADA系统的HMI界面的工具。 Ecava IntegraXor 5.0 build 4522之前版本中存在传输未加密漏洞,该漏洞源于HMI Web服务器传输未加密的数据。远程攻击者可利用该漏洞获取受影响系统的完全访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.integraxor.com/blog/category/security/vulnerability-note/

Reference
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03
Impacted products
Name
Ecava IntegraXor <5.0 build 4522
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2306"
    }
  },
  "description": "Ecava IntegraXor\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7684\u7528\u4e8e\u521b\u5efa\u548c\u8fd0\u884cSCADA\u7cfb\u7edf\u7684HMI\u754c\u9762\u7684\u5de5\u5177\u3002\r\n\r\nEcava IntegraXor 5.0 build 4522\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4f20\u8f93\u672a\u52a0\u5bc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eHMI Web\u670d\u52a1\u5668\u4f20\u8f93\u672a\u52a0\u5bc6\u7684\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u5b8c\u5168\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.integraxor.com/blog/category/security/vulnerability-note/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02332",
  "openTime": "2016-04-19",
  "patchDescription": "Ecava IntegraXor\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7684\u7528\u4e8e\u521b\u5efa\u548c\u8fd0\u884cSCADA\u7cfb\u7edf\u7684HMI\u754c\u9762\u7684\u5de5\u5177\u3002\r\n\r\nEcava IntegraXor 5.0 build 4522\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4f20\u8f93\u672a\u52a0\u5bc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eHMI Web\u670d\u52a1\u5668\u4f20\u8f93\u672a\u52a0\u5bc6\u7684\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u5b8c\u5168\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ecava IntegraXor\u4f20\u8f93\u672a\u52a0\u5bc6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ecava IntegraXor \u003c5.0 build 4522"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-16",
  "title": "Ecava IntegraXor\u4f20\u8f93\u672a\u52a0\u5bc6\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.