Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
Severity: High
Nessus Plugin ID: 77964
Synopsis: The remote Windows host contains a SCADA application that is affected by multiple vulnerabilities.
Description: The version of Ecava IntegraXor installed on the remote host is a version prior to 4.2 Build 4458. It is, therefore, affected by multiple vulnerabilities:
- A flaw related to IntegraXor's privilege management allows the unprivileged guest user account to execute arbitrary SQL statements and potentially upload malicious files. (CVE-2014-0786)
- A flaw in the way that IntegraXor exports report files allows a remote, unauthenticated attacker to read and write any file or cause a denial of service by writing extremely large files. (CVE-2014-2375)
- A SQL injection flaw allows a remote attacker to modify and read database entries that are normally restricted, including configuration entries. (CVE-2014-2376)
- A flaw exists in IntegraXor's built-in application tags that discloses path name information, which can be used in conjunction with other vulnerabilities to increase the likelihood of a successful attack. (CVE-2014-2377)
Solution: Upgrade to version 4.2.4458 or later.