Metric | Value |
---|---|
AI Score | 8.9 High |
AI Score Confidence | Low |
CVSS2 | 7.5 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.011 Low |
EPSS Percentile | 84.5% |

Ecava IntegraXor HMI before 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.
CPE | Name | Operator | Version |
---|---|---|---|
ecava:integraxor | ecava integraxor | le | 3.60 |
secunia.com/advisories/44105
twitter.com/#%21/djrbliss/status/50685527749431296
www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note
www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note
www.securityfocus.com/bid/47019
www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf
www.vupen.com/english/advisories/2011/0761
exchange.xforce.ibmcloud.com/vulnerabilities/66306