7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.014 Low
EPSS
Percentile
86.4%
The version of Ecava IntegraXor installed on the remote Windows host is version 5.0.413.0. It is, therefore, affected by the following vulnerabilities :
A SQL injection vulnerability exists in the web server component due to improper sanitization of user-supplied input to the ‘name’ parameter in getdata requests. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries, resulting in the disclosure or manipulation of arbitrary data.
(CVE-2016-8341 / ZDI-17-058)
A SQL injection vulnerability exists in the web server component due to improper sanitization of user-supplied input to the ‘param’ parameter in getdata requests. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries, resulting in the disclosure or manipulation of arbitrary data.
(CVE-2016-8341 / ZDI-17-059)
Binary data scada_app_ecava_integraxor_5_2_722_2.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
ecava | integraxor | cpe:/a:ecava:integraxor |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.014 Low
EPSS
Percentile
86.4%