Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that is affected
by multiple vulnerabilities.

Description :

The version of Ecava IntegraXor installed on the remote host is a
version prior to 4.2 Build 4458. It is, therefore, affected by
multiple vulnerabilities :

- A flaw related to IntegraXor's privilege management
allows the unprivileged guest user account to execute
arbitrary SQL statements and potentially upload
malicious files. (CVE-2014-0786)

- A flaw in the way that IntegraXor exports report files
allows a remote, unauthenticated attacker to read and
write any file or cause a denial of service by writing
extremely large files. (CVE-2014-2375)

- A SQL injection flaw allows a remote attacker to modify
and read database entries that are normally restricted,
including configuration entries. (CVE-2014-2376)

- A flaw exists in IntegraXor's built-in application tags
that discloses path name information, which can be used
in conjunction with other vulnerabilities to increase
the likelihood of a successful attack. (CVE-2014-2377)

Solution :

Upgrade to version 4.2.4458 or later.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C)
CVSS Temporal Score : 7.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: SCADA

Nessus Plugin ID: 77964

Bugtraq ID: 66554, 69767, 69772, 69774, 69776

CVE ID: CVE-2014-0786, CVE-2014-2375, CVE-2014-2376, CVE-2014-2377
