Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities

High Nessus Plugin ID 77964


The remote Windows host contains a SCADA application that is affected by multiple vulnerabilities.


The version of Ecava IntegraXor installed on the remote host is a version prior to 4.2 Build 4458. It is, therefore, affected by multiple vulnerabilities :

- A flaw related to IntegraXor's privilege management allows the unprivileged guest user account to execute arbitrary SQL statements and potentially upload malicious files. (CVE-2014-0786)

- A flaw in the way that IntegraXor exports report files allows a remote, unauthenticated attacker to read and write any file or cause a denial of service by writing extremely large files. (CVE-2014-2375)

- A SQL injection flaw allows a remote attacker to modify and read database entries that are normally restricted, including configuration entries. (CVE-2014-2376)

- A flaw exists in IntegraXor's built-in application tags that discloses path name information, which can be used in conjunction with other vulnerabilities to increase the likelihood of a successful attack. (CVE-2014-2377)


Upgrade to version 4.2.4458 or later.

Plugin Details

Severity: High

ID: 77964

File Name: scada_integraxor_4_2_4458.nbin

Version: $Revision: 1.25 $

Type: local

Family: SCADA

Published: 2014/09/29

Modified: 2018/01/29

Dependencies: 53548

Risk Information

Risk Factor: High


Base Score: 8.3

Temporal Score: 7.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ecava:integraxor

Required KB Items: installed_sw/Ecava IntegraXor

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/09/11

Vulnerability Publication Date: 2014/09/11

Reference Information

CVE: CVE-2014-0786, CVE-2014-2375, CVE-2014-2376, CVE-2014-2377

BID: 66554, 69767, 69772, 69774, 69776

OSVDB: 105201, 111772, 111773, 111774, 111775

ICSA: 14-091-01, 14-224-01