Lucene search
K
EcavaIntegraxor

26 matches found

CVE
CVE
added 2010/12/23 5:0 p.m.83 views

CVE-2010-4598

CVE-2010-4598 affects Ecava IntegraXor web-based SCADA UI, with vulnerable versions 3.6.4000.0 and earlier. The issue is a directory traversal in the open request where a crafted file_name parameter with “..” can cause the system to disclose arbitrary files outside the web root. Public records in...

5CVSS6.8AI score0.26482EPSS
CVE
CVE
added 2014/05/01 1:0 a.m.62 views

CVE-2014-0786

CVE-2014-0786 affects Ecava IntegraXor SCADA Server prior to 4.1.4393. The issue is an improper privilege/guest access flaw that allows remote attackers to read cleartext administrative credentials via SELECT statements executed with the guest role, leading to information disclosure. Affected pro...

7.5CVSS6.5AI score0.0265EPSS
CVE
CVE
added 2015/04/03 10:0 a.m.62 views

CVE-2015-0990

Affected product: Ecava IntegraXor SCADA Server prior to version 4.2.4488. Issue: Untrusted search path (CWE-427) allows a local attacker to escalate privileges by placing a renamed DLL in the default install directory; the DLL is loaded by the application, executing code with the application’s p...

4.4CVSS6.7AI score0.00358EPSS
CVE
CVE
added 2017/12/20 7:0 p.m.62 views

CVE-2017-16733

CVE-2017-16733 affects Ecava IntegraXor (v6.1.1030.1 and earlier). The vulnerability is an SQL Injection in the web interface that can disclose sensitive database information; the batchlist report parsing flaw is a specific instance described by ZDI. Exploitation is shown as remote and unauthenti...

5.3CVSS5.5AI score0.00919EPSS
CVE
CVE
added 2017/06/21 7:0 p.m.60 views

CVE-2017-6050

Ecava IntegraXor is affected by CVE-2017-6050 due to improper input validation that enables an unauthenticated attacker to remotely execute arbitrary SQL queries. Affected products include IntegraXor versions 5.2.1231.0 and prior. The vulnerability is categorized as SQL Injection (CWE-89). ICS-CE...

9.8CVSS9.8AI score0.03536EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.58 views

CVE-2016-2300

CVE-2016-2300 affects Ecava IntegraXor prior to Version 5.0, build 4522. The vulnerability is an authentication bypass that allows remote attackers to access unspecified web pages via unknown vectors. The vulnerability is remote-exploitable and is among multiple issues identified for IntegraXor

6.5CVSS6.8AI score0.01169EPSS
CVE
CVE
added 2014/01/21 1:0 a.m.54 views

CVE-2014-0753

Ecava IntegraXor SCADA server (Ecava IntegraXor) is affected by CVE-2014-0753. The stack-based buffer overflow affects versions prior to 4.1.4390 and can be exploited remotely by triggering access to DLL code in the IntegraXor directory, potentially causing a denial of service (system crash). The...

7.8CVSS7.5AI score0.02518EPSS
CVE
CVE
added 2017/02/13 9:0 p.m.54 views

CVE-2016-8341

CVE-2016-8341 affects Ecava IntegraXor web server in version 5.0.413.0, where input parameters are vulnerable to SQL injection, allowing read, write, and delete commands against the host database if queries are not sanitized. Public sources (NVD/NVD-based entries) describe a SQLi vulnerability wi...

9.8CVSS9.7AI score0.01645EPSS
CVE
CVE
added 2013/02/08 2:0 a.m.53 views

CVE-2012-4700

CVE-2012-4700: A buffer overflow in the PE3DO32A.ocx ActiveX control of IntegraXor SCADA Server (version 4.00 build 4250.0 and earlier) allows remote code execution via a crafted HTML page. The vulnerability originates in buffer overflows within the ActiveX component, with CVSS v2 base score 9.3 ...

9.3CVSS7.8AI score0.03769EPSS
CVE
CVE
added 2014/01/09 11:0 a.m.52 views

CVE-2014-0752

The CVE-2014-0752 case concerns Ecava IntegraXor SCADA server prior to 4.1.4369, where the project directory contains files that can be downloaded via a crafted URL due to improper access control. This leads to disclosure of project backup files (partial confidentiality impact) and is exploitable...

7.5CVSS6.8AI score0.01628EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.51 views

CVE-2016-2306

CVE-2016-2306 affects Ecava IntegraXor HMI web server prior to version 5.0, build 4522. The root cause is cleartext transmission of sensitive information over the network, enabling remote attackers to sniff unencrypted data. The vulnerability has been confirmed in multiple sources and is associat...

7.8CVSS7.3AI score0.01852EPSS
CVE
CVE
added 2010/12/23 5:0 p.m.50 views

CVE-2010-4597

Ecava IntegraXor HMI is affected by CVE-2010-4597 due to a stack-based buffer overflow in the save method of igcomm.dll (IntegraXor.Project ActiveX) prior to version 3.5.3900.10. An attacker could remotely trigger arbitrary code execution by sending a long string in the second argument. ICS-CERT ...

10CVSS8.3AI score0.18823EPSS
CVE
CVE
added 2010/12/23 5:0 p.m.50 views

CVE-2010-4599

CVE-2010-4599: Affected product is Ecava IntegraXor (v3.6.4000.0). The vulnerability is an untrusted search path that lets local attackers elevate privileges by placing a malicious dwmapi.dll in the current working directory. This yields local privilege escalation for the attacker within the affe...

6.9CVSS6.4AI score0.0033EPSS
CVE
CVE
added 2014/09/15 2:0 p.m.50 views

CVE-2014-2375

CVE-2014-2375 affects Ecava IntegraXor SCADA Server (Stable 4.1.4360 and earlier; Beta 4.1.4392 and earlier) via the CSV export feature, which allows an unauthenticated user to read or write arbitrary files and potentially cause a denial of service. The root cause is External Control of File Name...

9CVSS7AI score0.02315EPSS
CVE
CVE
added 2014/09/15 2:0 p.m.50 views

CVE-2014-2377

The CVE-2014-2377 entry affects Ecava IntegraXor SCADA Server versions 4.1.4360 and earlier (stable) and 4.1.4392 and earlier (beta), where built-in application tags can disclose full pathnames via environmental variables, enabling information exposure. Affected component: IntegraXor SCADA Server...

5CVSS6.8AI score0.01836EPSS
CVE
CVE
added 2012/04/02 10:0 a.m.49 views

CVE-2012-0246

Ecava IntegraXor is affected by CVE-2012-0246 via a path traversal vulnerability in an ActiveX control. Affected products are IntegraXor versions older than 3.71.4200; exploitation involves opening a specially crafted HTML document on the server (notable to be exploitable through Internet Explore...

9.3CVSS7.7AI score0.06112EPSS
CVE
CVE
added 2014/09/15 2:0 p.m.49 views

CVE-2014-2376

CVE-2014-2376 refers to an SQL injection vulnerability in Ecava IntegraXor SCADA Server, affecting stable 4.1.4360 and earlier and beta 4.1.4392 and earlier. The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors, enabling potential reading/modifying of files ...

7.5CVSS8.6AI score0.02035EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.49 views

CVE-2016-2305

CVE-2016-2305 affects Ecava IntegraXor web UI: a DOM-based cross-site scripting vulnerability allows remote attackers to inject arbitrary script/HTML via a crafted URL in IntegraXor versions prior to 5.0, build 4522. Root cause: improper input handling in the web interface enables XSS through man...

6.1CVSS6AI score0.00906EPSS
CVE
CVE
added 2017/12/20 7:0 p.m.49 views

CVE-2017-16735

CVE-2017-16735 is an SQL Injection vulnerability in Ecava IntegraXor (v6.1.1030.1 and prior). The flaw arises from improper handling/validation of user-supplied input in SQL commands (notably the getdata page name parameter), enabling disclosure of database information and generation of database ...

5.3CVSS5.8AI score0.01017EPSS
CVE
CVE
added 2011/07/28 6:0 p.m.48 views

CVE-2011-2958

CVE-2011-2958 affects Ecava IntegraXor prior to 3.60 (Build 4080). Vulnerability: multiple XSS flaws allowing remote injection of arbitrary script/HTML via unspecified vectors. Exploitation details are not provided in the sources; the advisories reference a patched version 3.60.4080 (or later) as...

4.3CVSS5.8AI score0.01197EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.48 views

CVE-2016-2303

CVE-2016-2303: Ecava IntegraXor before 5.0 build 4522 is vulnerable to CRLF injection in HTTP headers, enabling HTTP response splitting via a crafted URL. Affected product: Ecava IntegraXor HMI web server (pre-5.0 build 4522). Root cause: improper neutralization of CRLF sequences in HTTP header h...

5.3CVSS5.9AI score0.01052EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.45 views

CVE-2016-2302

CVE-2016-2302 affects Ecava IntegraXor web-based HMI (IntegraXor) before version 5.0, build 4522. Root cause: cleartext transmission of sensitive information and related information disclosure via detailed error messages. Impact: remote attacker could obtain sensitive information from the affecte...

5.3CVSS5.7AI score0.01176EPSS
CVE
CVE
added 2011/04/05 3:0 p.m.44 views

CVE-2011-1562

Ecava IntegraXor HMI prior to version 3.60 (Build 4032) is vulnerable to an unauthenticated SQL statement execution via a crafted HTTP POST request. The vulnerability could lead to data leakage, data manipulation, and remote code execution on the backend database service. Ecava has released a pat...

7.5CVSS8.2AI score0.01734EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.44 views

CVE-2016-2299

Ecava IntegraXor web-based HMI/SCADA is affected. The vulnerability is a SQL injection in Ecava IntegraXor before 5.0 build 4522, caused by insufficient input validation. Remote attackers could execute arbitrary SQL commands via unspecified vectors. No exploit details are provided in the document...

7.5CVSS7.6AI score0.01425EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.44 views

CVE-2016-2301

CVE-2016-2301 affects Ecava IntegraXor web-based HMI software. The issue is SQL injection in IntegraXor prior to version 5.0, build 4522, allowing remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected product: Ecava IntegraXor; root cause: improper handlin...

6.5CVSS6.8AI score0.00805EPSS
CVE
CVE
added 2016/04/22 12:0 a.m.44 views

CVE-2016-2304

CVE-2016-2304 affects Ecava IntegraXor prior to version 5.0, build 4522. The issue is that the HTTPOnly flag is not set on the session cookie in the web server, enabling a remote attacker to access the cookie via scripts and potentially log in as an administrator. Public sources describe this as ...

4.3CVSS5AI score0.01065EPSS