26 matches found
CVE-2010-4598
CVE-2010-4598 affects Ecava IntegraXor web-based SCADA UI, with vulnerable versions 3.6.4000.0 and earlier. The issue is a directory traversal in the open request where a crafted file_name parameter with “..” can cause the system to disclose arbitrary files outside the web root. Public records in...
CVE-2014-0786
CVE-2014-0786 affects Ecava IntegraXor SCADA Server prior to 4.1.4393. The issue is an improper privilege/guest access flaw that allows remote attackers to read cleartext administrative credentials via SELECT statements executed with the guest role, leading to information disclosure. Affected pro...
CVE-2015-0990
Affected product: Ecava IntegraXor SCADA Server prior to version 4.2.4488. Issue: Untrusted search path (CWE-427) allows a local attacker to escalate privileges by placing a renamed DLL in the default install directory; the DLL is loaded by the application, executing code with the application’s p...
CVE-2017-16733
CVE-2017-16733 affects Ecava IntegraXor (v6.1.1030.1 and earlier). The vulnerability is an SQL Injection in the web interface that can disclose sensitive database information; the batchlist report parsing flaw is a specific instance described by ZDI. Exploitation is shown as remote and unauthenti...
CVE-2017-6050
Ecava IntegraXor is affected by CVE-2017-6050 due to improper input validation that enables an unauthenticated attacker to remotely execute arbitrary SQL queries. Affected products include IntegraXor versions 5.2.1231.0 and prior. The vulnerability is categorized as SQL Injection (CWE-89). ICS-CE...
CVE-2016-2300
CVE-2016-2300 affects Ecava IntegraXor prior to Version 5.0, build 4522. The vulnerability is an authentication bypass that allows remote attackers to access unspecified web pages via unknown vectors. The vulnerability is remote-exploitable and is among multiple issues identified for IntegraXor
CVE-2014-0753
Ecava IntegraXor SCADA server (Ecava IntegraXor) is affected by CVE-2014-0753. The stack-based buffer overflow affects versions prior to 4.1.4390 and can be exploited remotely by triggering access to DLL code in the IntegraXor directory, potentially causing a denial of service (system crash). The...
CVE-2016-8341
CVE-2016-8341 affects Ecava IntegraXor web server in version 5.0.413.0, where input parameters are vulnerable to SQL injection, allowing read, write, and delete commands against the host database if queries are not sanitized. Public sources (NVD/NVD-based entries) describe a SQLi vulnerability wi...
CVE-2012-4700
CVE-2012-4700: A buffer overflow in the PE3DO32A.ocx ActiveX control of IntegraXor SCADA Server (version 4.00 build 4250.0 and earlier) allows remote code execution via a crafted HTML page. The vulnerability originates in buffer overflows within the ActiveX component, with CVSS v2 base score 9.3 ...
CVE-2014-0752
The CVE-2014-0752 case concerns Ecava IntegraXor SCADA server prior to 4.1.4369, where the project directory contains files that can be downloaded via a crafted URL due to improper access control. This leads to disclosure of project backup files (partial confidentiality impact) and is exploitable...
CVE-2016-2306
CVE-2016-2306 affects Ecava IntegraXor HMI web server prior to version 5.0, build 4522. The root cause is cleartext transmission of sensitive information over the network, enabling remote attackers to sniff unencrypted data. The vulnerability has been confirmed in multiple sources and is associat...
CVE-2010-4597
Ecava IntegraXor HMI is affected by CVE-2010-4597 due to a stack-based buffer overflow in the save method of igcomm.dll (IntegraXor.Project ActiveX) prior to version 3.5.3900.10. An attacker could remotely trigger arbitrary code execution by sending a long string in the second argument. ICS-CERT ...
CVE-2010-4599
CVE-2010-4599: Affected product is Ecava IntegraXor (v3.6.4000.0). The vulnerability is an untrusted search path that lets local attackers elevate privileges by placing a malicious dwmapi.dll in the current working directory. This yields local privilege escalation for the attacker within the affe...
CVE-2014-2375
CVE-2014-2375 affects Ecava IntegraXor SCADA Server (Stable 4.1.4360 and earlier; Beta 4.1.4392 and earlier) via the CSV export feature, which allows an unauthenticated user to read or write arbitrary files and potentially cause a denial of service. The root cause is External Control of File Name...
CVE-2014-2377
The CVE-2014-2377 entry affects Ecava IntegraXor SCADA Server versions 4.1.4360 and earlier (stable) and 4.1.4392 and earlier (beta), where built-in application tags can disclose full pathnames via environmental variables, enabling information exposure. Affected component: IntegraXor SCADA Server...
CVE-2012-0246
Ecava IntegraXor is affected by CVE-2012-0246 via a path traversal vulnerability in an ActiveX control. Affected products are IntegraXor versions older than 3.71.4200; exploitation involves opening a specially crafted HTML document on the server (notable to be exploitable through Internet Explore...
CVE-2014-2376
CVE-2014-2376 refers to an SQL injection vulnerability in Ecava IntegraXor SCADA Server, affecting stable 4.1.4360 and earlier and beta 4.1.4392 and earlier. The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors, enabling potential reading/modifying of files ...
CVE-2016-2305
CVE-2016-2305 affects Ecava IntegraXor web UI: a DOM-based cross-site scripting vulnerability allows remote attackers to inject arbitrary script/HTML via a crafted URL in IntegraXor versions prior to 5.0, build 4522. Root cause: improper input handling in the web interface enables XSS through man...
CVE-2017-16735
CVE-2017-16735 is an SQL Injection vulnerability in Ecava IntegraXor (v6.1.1030.1 and prior). The flaw arises from improper handling/validation of user-supplied input in SQL commands (notably the getdata page name parameter), enabling disclosure of database information and generation of database ...
CVE-2011-2958
CVE-2011-2958 affects Ecava IntegraXor prior to 3.60 (Build 4080). Vulnerability: multiple XSS flaws allowing remote injection of arbitrary script/HTML via unspecified vectors. Exploitation details are not provided in the sources; the advisories reference a patched version 3.60.4080 (or later) as...
CVE-2016-2303
CVE-2016-2303: Ecava IntegraXor before 5.0 build 4522 is vulnerable to CRLF injection in HTTP headers, enabling HTTP response splitting via a crafted URL. Affected product: Ecava IntegraXor HMI web server (pre-5.0 build 4522). Root cause: improper neutralization of CRLF sequences in HTTP header h...
CVE-2016-2302
CVE-2016-2302 affects Ecava IntegraXor web-based HMI (IntegraXor) before version 5.0, build 4522. Root cause: cleartext transmission of sensitive information and related information disclosure via detailed error messages. Impact: remote attacker could obtain sensitive information from the affecte...
CVE-2011-1562
Ecava IntegraXor HMI prior to version 3.60 (Build 4032) is vulnerable to an unauthenticated SQL statement execution via a crafted HTTP POST request. The vulnerability could lead to data leakage, data manipulation, and remote code execution on the backend database service. Ecava has released a pat...
CVE-2016-2299
Ecava IntegraXor web-based HMI/SCADA is affected. The vulnerability is a SQL injection in Ecava IntegraXor before 5.0 build 4522, caused by insufficient input validation. Remote attackers could execute arbitrary SQL commands via unspecified vectors. No exploit details are provided in the document...
CVE-2016-2301
CVE-2016-2301 affects Ecava IntegraXor web-based HMI software. The issue is SQL injection in IntegraXor prior to version 5.0, build 4522, allowing remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected product: Ecava IntegraXor; root cause: improper handlin...
CVE-2016-2304
CVE-2016-2304 affects Ecava IntegraXor prior to version 5.0, build 4522. The issue is that the HTTPOnly flag is not set on the session cookie in the web server, enabling a remote attacker to access the cookie via scripts and potentially log in as an administrator. Public sources describe this as ...