9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C
0.015 Low
EPSS
Percentile
86.8%
The version of Ecava IntegraXor installed on the remote host is a version prior to 4.2 Build 4458. It is, therefore, affected by multiple vulnerabilities :
A flaw related to IntegraXor’s privilege management allows the unprivileged guest user account to execute arbitrary SQL statements and potentially upload malicious files. (CVE-2014-0786)
A flaw in the way that IntegraXor exports report files allows a remote, unauthenticated attacker to read and write any file or cause a denial of service by writing extremely large files. (CVE-2014-2375)
A SQL injection flaw allows a remote attacker to modify and read database entries that are normally restricted, including configuration entries. (CVE-2014-2376)
A flaw exists in IntegraXor’s built-in application tags that discloses path name information, which can be used in conjunction with other vulnerabilities to increase the likelihood of a successful attack. (CVE-2014-2377)
Binary data scada_integraxor_4_2_4458.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
ecava | integraxor | cpe:/a:ecava:integraxor |