Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure

medium Nessus Plugin ID 72107

Synopsis

The remote Windows host contains a SCADA application that is affected by an information disclosure vulnerability.

Description

The version of IntegraXor installed on the remote host is a version prior to 4.1 Build 4369. It is, therefore, reportedly affected by an information disclosure vulnerability due to credentials being stored in plaintext. An attacker can potentially exploit this vulnerability to disclose credentials and possibly achieve remote code execution.

Solution

Upgrade to version 4.1.4369 or later.

See Also

http://www.nessus.org/u?955089ae

https://www.zerodayinitiative.com/advisories/ZDI-13-277/

Plugin Details

Severity: Medium

ID: 72107

File Name: scada_integraxor_4_1_4369.nbin

Version: 1.55

Type: local

Family: SCADA

Published: 1/23/2014

Updated: 7/19/2022

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2014-0752

Vulnerability Information

CPE: cpe:/a:ecava:integraxor

Required KB Items: SCADA/Apps/Ecava/IntegraXor/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 12/21/2013

Vulnerability Publication Date: 12/15/2013

Reference Information

CVE: CVE-2014-0752

BID: 64351

ICSA: 14-008-01