Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SCADA_INTEGRAXOR_4_2_4458.NBIN
HistorySep 29, 2014 - 12:00 a.m.

Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities

2014-09-2900:00:00
This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

0.015 Low

EPSS

Percentile

86.8%

JSON

The version of Ecava IntegraXor installed on the remote host is a version prior to 4.2 Build 4458. It is, therefore, affected by multiple vulnerabilities :

  • A flaw related to IntegraXor’s privilege management allows the unprivileged guest user account to execute arbitrary SQL statements and potentially upload malicious files. (CVE-2014-0786)

  • A flaw in the way that IntegraXor exports report files allows a remote, unauthenticated attacker to read and write any file or cause a denial of service by writing extremely large files. (CVE-2014-2375)

  • A SQL injection flaw allows a remote attacker to modify and read database entries that are normally restricted, including configuration entries. (CVE-2014-2376)

  • A flaw exists in IntegraXor’s built-in application tags that discloses path name information, which can be used in conjunction with other vulnerabilities to increase the likelihood of a successful attack. (CVE-2014-2377)

Binary data scada_integraxor_4_2_4458.nbin
VendorProductVersionCPE
ecavaintegraxorcpe:/a:ecava:integraxor

Related

nessus 1
ics 2
nvd 4
prion 4
openvas 1
zdi 2
cvelist 4
cve 4
nessus
nessus
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
2014-09-23 00:00:00
ics
ics
Ecava Integraxor SCADA Server Vulnerabilities
2018-09-06 12:00:00
Ecava IntegraXor Guest Account Information Disclosure Vulnerability
2018-09-06 12:00:00
nvd
nvd
CVE-2014-2377
2014-09-15 14:55:11
CVE-2014-0786
2014-05-01 01:56:10
CVE-2014-2375
2014-09-15 14:55:11
prion
prion
Sql injection
2014-09-15 14:55:00
Design/Logic Flaw
2014-05-01 01:56:00
Code injection
2014-09-15 14:55:00
openvas
openvas
ECAVA IntegraXor < 4.1.4393 Account Information Disclosure Vulnerability
2014-05-19 00:00:00
zdi
zdi
Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability
2014-05-02 00:00:00
Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability
2014-10-24 00:00:00
cvelist
cvelist
CVE-2014-0786
2014-05-01 01:00:00
CVE-2014-2377
2014-09-15 14:00:00
CVE-2014-2375
2014-09-15 14:00:00
cve
cve
CVE-2014-2377
2014-09-15 14:55:11
CVE-2014-2375
2014-09-15 14:55:11
CVE-2014-0786
2014-05-01 01:56:10

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

0.015 Low

EPSS

Percentile

86.8%

JSON
Related for SCADA_INTEGRAXOR_4_2_4458.NBIN
nessus1ics2nvd4prion4openvas1zdi2cvelist4cve4