SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-181311457] Ecava IntegraXor

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-01-31 | Other | Ecava | Independent researchers Brian Gorenc and Juan Pablo Lopez working with Trend Micro's Zero Day Initiative have identified the SQL | N/A | CVE-2016-8341 | N/A | N/A | N/A |

Source

						
							
								
#
# Ecava IntegraXor
#


### VULNERABLE VENDOR
Ecava


### VULNERABLE PRODUCT
IntegraXor



### RESEARCHER
Independent researchers Brian Gorenc and Juan Pablo Lopez working with Trend Micro's Zero Day Initiative have identified the SQL injection vulnerability.



### AFFECTED PRODUCTS

The following IntegraXor version is affected:

IntegraXor Version 5.0.413.0



### IMPACT

A successful exploit of this vulnerability could lead to arbitrary data leakage, data manipulation, and remote code execution.



### VULNERABILITY OVERVIEW

SQL INJECTION CWE-89
The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection.
If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.
CVE-2016-8341 has been assigned to this vulnerability.
A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).





### BACKGROUND

Critical Infrastructure Sector(s): Critical Manufacturing, Energy, Water and Wastewater Systems, Transportation Systems
Countries Deployed: United Kingdom, United States, Australia, Poland, Canada, Estonia
Company Headquarters Location: Malaysia




### MITIGATION

Ecava provides software update V5.2.722.2 for IntegraXor, which fixes this vulnerability, and recommends that users update to the new version. The update can be found here:

https://www.integraxor.com/download-scada/