Ecava IntegraXor < 4.00.4283 ActiveX Remote Buffer Overflow

high Nessus Plugin ID 64630

Synopsis

The remote Windows host contains a SCADA application that is affected by a buffer overflow vulnerability.

Description

The version of IntegraXor installed on the remote host is earlier than 4.00 Build 4283. As such, it is reportedly affected by a buffer overflow vulnerability in the ActiveX file 'PE3DO32A.ocx'. If an attacker can trick a user on the affected host into visiting a specially crafted web page, they may be able to leverage this issue to conduct a denial of service (DoS) or execute arbitrary code on the host subject to user's privileges.

Solution

Upgrade to version 4.00.4283 or later.

See Also

http://www.nessus.org/u?72a3411c

Plugin Details

Severity: High

ID: 64630

File Name: scada_integraxor_4_00_4283.nbin

Version: 1.52

Type: local

Family: SCADA

Published: 2/14/2013

Updated: 7/19/2022

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ecava:integraxor

Required KB Items: SCADA/Apps/Ecava/IntegraXor/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 12/12/2012

Vulnerability Publication Date: 12/12/2012

Reference Information

CVE: CVE-2012-4700

BID: 57767

ICSA: 13-036-02