Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure

High Nessus Network Monitor Plugin ID 8397


A vulnerable version of Ecava IntegraXor has been detected.


Ecava IntegraXor versions &lt; 4.1.4369 contain an information disclosure vulnerability. Project backup files can be accessed by bypassing file access restrictions with a specially crafted URL. Since credentials are stored in cleartext in certain project backup files, an attacker could use this information to possibly achieve remote code execution.


Upgrade to version 4.1.4369 or later.

See Also

Plugin Details

Severity: High

ID: 8397

Family: SCADA

Published: 2014/09/19

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 72107

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ecava:integraxor

Patch Publication Date: 2013/12/21

Vulnerability Publication Date: 2013/12/15

Reference Information

CVE: CVE-2014-0752

BID: 64351