SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-334343809] Ecava IntegraXor

Date: 2017-12-19
Type: Other
Platform: Ecava
Author: Steven Seeley of Source Incite, and Michael DePlante and Brad Taylor working with Zero Day Initiative, reported the vulnerabilit
EDB-ID: N/A
CVE-ID: CVE-2017-1673 CVE-2017-1673
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Ecava IntegraXor
#


### VULNERABLE VENDOR
Ecava


### VULNERABLE PRODUCT
IntegraXor 


### RESEARCHER
Steven Seeley of Source Incite, and Michael DePlante and Brad Taylor working with Zero Day Initiative, reported the vulnerabilities to ICS-CERT.


### AFFECTED PRODUCTS
The following version of IntegraXor, a web SCADA/HMI solution, is affected:

Ecava IntegraXor v 6.1.1030.1 and prior


### IMPACT
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the database or generate an error in the database log.


### VULNERABILITY OVERVIEW
IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89
A SQL injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
CVE-2017-16733 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).


IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89
A SQL injection vulnerability has been identified that generates an error in the database log.
CVE-2017-16735 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/Areas Deployed: United Kingdom, United States, Australia, Poland, Canada, Estonia
Company Headquarters Location: Malaysia




### MITIGATION

Ecava recommends that users of affected IntegraXor versions update to version 6.1.1215.0 or newer, a download for which can be found at the following location:

https://www.integraxor.com/download-scada/
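
The version boundaries above can be applied to an asset inventory as follows. This is an added example, not code from Ecava, ICS-CERT or this database; it assumes IntegraXor versions are four-part dotted numbers as written in the advisory, and the inventory format, hostnames and sample versions are constructed for illustration.

```python
import re

# Version boundaries taken from the advisory text above.
LAST_AFFECTED = (6, 1, 1030, 1)   # "v 6.1.1030.1 and prior"
FIRST_FIXED = (6, 1, 1215, 0)     # "update to version 6.1.1215.0 or newer"

# Assumption: versions are four dotted integers, optionally prefixed with "v".
_VERSION_RE = re.compile(r"^\s*v?\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$", re.IGNORECASE)


def parse_version(text):
    """Return a 4-part version tuple, or None if the string is not a.b.c.d."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Map an installed IntegraXor version string to a triage status."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"        # needs manual review, never assumed fixed
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # Builds between the two boundaries are not covered by the advisory text.
    return "unconfirmed"


def triage(inventory):
    """Group hosts by status; inventory is an iterable of (host, version)."""
    report = {"affected": [], "unconfirmed": [], "unparsed": [], "fixed": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("hmi-01", "6.1.1030.1"),
    ("hmi-02", "v 6.0.413.2"),
    ("hmi-03", "6.1.1215.0"),
    ("hmi-04", "6.1.1100.0"),
    ("hmi-05", "6.2"),
    ("hmi-06", "6.10.1.0"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12s} {', '.join(hosts) or '-'}")
```

Hosts reported as unconfirmed or unparsed should be checked by hand, since the advisory states only the last affected version and the first recommended one.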