Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that is affected
by an information disclosure vulnerability.

Description :

The version of IntegraXor installed on the remote host is a version
prior to 4.1 Build 4369. It is, therefore, reportedly affected by an
information disclosure vulnerability caused by credentials being stored
in cleartext. An attacker could potentially exploit this vulnerability
to disclose credentials and possibly achieve remote code execution.

See also :

http://www.nessus.org/u?b99dd343
http://www.zerodayinitiative.com/advisories/ZDI-13-277/

Solution :

Upgrade to version 4.1.4369 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 72107 ()

Bugtraq ID: 64351

CVE ID: CVE-2014-0752