Ecava IntegraXor < 3.60.4050 Unspecified SQL Injection

Critical Nessus Plugin ID 53549


The remote Windows host contains a SCADA application that is susceptible to a SQL injection attack.


The version of IntegraXor installed on the remote host is earlier than 3.60 (Build 4050). As such, it reportedly contains an unspecified SQL injection vulnerability that can be exploited by an unauthenticated remote attacker and lead to data leakage, data manipulation, and remote code execution against the backend host running the database service.


Upgrade to version 3.60.4050.0 or later.

See Also

Plugin Details

Severity: Critical

ID: 53549

File Name: scada_integraxor_3_60_4050.nbin

Version: $Revision: 1.22 $

Type: local

Family: SCADA

Published: 2011/04/25

Modified: 2018/01/29

Dependencies: 53548

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SCADA/Apps/Ecava/IntegraXor/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/03/23

Vulnerability Publication Date: 2011/03/23

Reference Information

CVE: CVE-2011-1562

BID: 47019

OSVDB: 72834

ICS-ALERT: 11-082-01