Ecava IntegraXor < 3.60.4050 Unspecified SQL Injection

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that is
susceptible to a SQL injection attack.

Description :

The version of IntegraXor installed on the remote host is earlier
than 3.60 (Build 4050). As such, it reportedly contains an
unspecified SQL injection vulnerability that can be exploited by an
unauthenticated remote attacker and lead to data leakage, data
manipulation, and remote code execution against the backend host
running the database service.

See also :

http://www.integraxor.com/blog/integraxor-3-60-4050-dated-23mar11

Solution :

Upgrade to version 3.60.4050.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 53549 ()

Bugtraq ID: 47019

CVE ID: CVE-2011-1562

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial