Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    87 vulnerabilities found for IntegraXor by Ecava

    VAR-201604-0068

    Vulnerability from variot - Updated: 2024-02-13 22:39

    SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists in the handling of summary_opt report requests. The vulnerability is caused by the lack of input validation before using remotely supplied strings to construct SQL queries. By sending a specially crafted request to a vulnerable system, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor failed to perform input validation. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0068",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": null,
            "trust": 4.1,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.71.4200"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4050"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4032"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "db": "BID",
            "id": "86026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "BID",
            "id": "86026"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          }
        ],
        "trust": 3.0
      },
      "cve": "CVE-2016-2299",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-2299",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 4.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-02275",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "58b5aa68-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-2299",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2016-2299",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-2299",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02275",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-256",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "58b5aa68-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-2299",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists in the handling of summary_opt report requests. The vulnerability is caused by the lack of input validation before using remotely supplied strings to construct SQL queries. By sending a specially crafted request to a vulnerable system, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor failed to perform input validation. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "db": "BID",
            "id": "86026"
          },
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2299"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2299",
            "trust": 7.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 2.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-240",
            "trust": 2.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236",
            "trust": 2.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239",
            "trust": 2.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237",
            "trust": 2.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238",
            "trust": 2.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3322",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3325",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3321",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3326",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3320",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "86026",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "58B5AA68-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2299",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2299"
          },
          {
            "db": "BID",
            "id": "86026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "id": "VAR-201604-0068",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          }
        ]
      },
      "last_update_date": "2024-02-13T22:39:02.122000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Ecava has produced a new release that addresses the reported vulnerabilities, as well as some identified security risks, in Version 5.0, build 4522.  and https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03",
            "trust": 3.5,
            "url": "http://www.integraxor.com/download/beta.msi?5.0.4522.2"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com"
          },
          {
            "title": "Patch for Ecava IntegraXor Remote Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74223"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 6.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 4.1,
            "url": "http://www.integraxor.com/download/beta.msi?5.0.4522.2"
          },
          {
            "trust": 1.4,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-238"
          },
          {
            "trust": 1.4,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-237"
          },
          {
            "trust": 1.4,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-239"
          },
          {
            "trust": 1.4,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-240"
          },
          {
            "trust": 1.4,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-236"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2299"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2299"
          },
          {
            "trust": 0.3,
            "url": "http://ecava.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2299"
          },
          {
            "db": "BID",
            "id": "86026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2299"
          },
          {
            "db": "BID",
            "id": "86026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-18T00:00:00",
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "date": "2016-04-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-2299"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "BID",
            "id": "86026"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "date": "2016-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          },
          {
            "date": "2016-04-22T00:59:00.120000",
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-240"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-236"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-239"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-237"
          },
          {
            "date": "2016-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-238"
          },
          {
            "date": "2016-04-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          },
          {
            "date": "2016-12-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-2299"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86026"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002344"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          },
          {
            "date": "2016-12-03T03:24:56.053000",
            "db": "NVD",
            "id": "CVE-2016-2299"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02275"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-256"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201012-0059

    Vulnerability from variot - Updated: 2023-12-18 14:02

    Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. Ecava IntegraXor Contains a buffer overflow vulnerability. Ecava IntegraXor Is 1024 Writing over bytes can cause a buffer overflow on the stack.Ecava IntegraXor Service disruption by a third party with access to (DoS) An attacker may be able to attack or execute arbitrary code. Ecava IntegraXor is a human interface product that uses HTML and SVG. When sending a request that exceeds 1024 bytes, IntegraXor will write out the buffer and destroy the memory. Successful exploitation of a vulnerability can execute arbitrary instructions in an application security context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------

    Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

    Request a free trial: http://secunia.com/products/corporate/vim/


    TITLE: IntegraXor Project ActiveX Control Buffer Overflow Vulnerability

    SECUNIA ADVISORY ID: SA42650

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42650/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42650

    RELEASE DATE: 2010-12-27

    DISCUSS ADVISORY: http://secunia.com/advisories/42650/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/42650/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=42650

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system.

    The vulnerability is confirmed in version 3.5.3900.5. Other versions may also be affected.

    SOLUTION: Update to version 3.5.3900.10 or later.

    PROVIDED AND/OR DISCOVERED BY: Jeremy Brown

    ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0059",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "v3.5 (build 3900.10) earlier"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.6,
            "vendor": "integraxor",
            "version": "*"
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "db": "BID",
            "id": "45487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5.3900.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jeremy Brown",
        "sources": [
          {
            "db": "BID",
            "id": "45487"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-4597",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2010-4597",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "8881ea8c-2355-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d7abaf0-463f-11e9-af73-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-4597",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#603928",
                "trust": 0.8,
                "value": "21.83"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201012-313",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "8881ea8c-2355-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d7abaf0-463f-11e9-af73-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2010-4597",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-4597"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. Ecava IntegraXor Contains a buffer overflow vulnerability. Ecava IntegraXor Is 1024 Writing over bytes can cause a buffer overflow on the stack.Ecava IntegraXor Service disruption by a third party with access to (DoS) An attacker may be able to attack or execute arbitrary code. Ecava IntegraXor is a human interface product that uses HTML and SVG. When sending a request that exceeds 1024 bytes, IntegraXor will write out the buffer and destroy the memory. Successful exploitation of a vulnerability can execute arbitrary instructions in an application security context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Project ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42650\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42650/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650\n\nRELEASE DATE:\n2010-12-27\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42650/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42650/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 3.5.3900.5. Other versions\nmay also be affected. \n\nSOLUTION:\nUpdate to version 3.5.3900.10 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nJeremy Brown\n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "db": "BID",
            "id": "45487"
          },
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-4597"
          },
          {
            "db": "PACKETSTORM",
            "id": "97061"
          }
        ],
        "trust": 3.87
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=15767",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-4597"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#603928",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4597",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "45487",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-10-322-01",
            "trust": 2.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-3275",
            "trust": 2.5
          },
          {
            "db": "SECUNIA",
            "id": "42650",
            "trust": 2.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "15767",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "16220",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "8881EA8C-2355-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D7ABAF0-463F-11E9-AF73-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7C5841BA-1FA5-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-4597",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "97061",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-4597"
          },
          {
            "db": "BID",
            "id": "45487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "db": "PACKETSTORM",
            "id": "97061"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ]
      },
      "id": "VAR-201012-0059",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          }
        ],
        "trust": 1.47383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:02:14.196000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "IntegraXor 3.5 SCADA Security Issue 20101006-0109 Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note"
          },
          {
            "title": "Patch for Ecava IntegraXor Remote Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/2206"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/603928"
          },
          {
            "trust": 2.8,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-322-01.pdf"
          },
          {
            "trust": 2.6,
            "url": "http://www.securityfocus.com/bid/45487"
          },
          {
            "trust": 2.5,
            "url": "http://www.vupen.com/english/advisories/2010/3275"
          },
          {
            "trust": 1.9,
            "url": "http://secunia.com/advisories/42650"
          },
          {
            "trust": 1.8,
            "url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note"
          },
          {
            "trust": 1.7,
            "url": "http://www.exploit-db.com/exploits/15767"
          },
          {
            "trust": 0.8,
            "url": "about vulnerability notes"
          },
          {
            "trust": 0.8,
            "url": "contact us about this vulnerability"
          },
          {
            "trust": 0.8,
            "url": "provide a vendor statement"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4597"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu603928"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4597"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/603928http"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/16220"
          },
          {
            "trust": 0.3,
            "url": "http://www.ecava.com/index.htm"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/15767/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/42650/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/42650/#comments"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-4597"
          },
          {
            "db": "BID",
            "id": "45487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "db": "PACKETSTORM",
            "id": "97061"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-4597"
          },
          {
            "db": "BID",
            "id": "45487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "db": "PACKETSTORM",
            "id": "97061"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-12-24T00:00:00",
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2010-12-21T00:00:00",
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "date": "2010-12-21T00:00:00",
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2010-12-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "date": "2010-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "date": "2010-12-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-4597"
          },
          {
            "date": "2010-12-16T00:00:00",
            "db": "BID",
            "id": "45487"
          },
          {
            "date": "2011-01-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "date": "2010-12-27T07:39:20",
            "db": "PACKETSTORM",
            "id": "97061"
          },
          {
            "date": "2010-12-23T18:00:03.823000",
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-12-21T00:00:00",
            "db": "CERT/CC",
            "id": "VU#603928"
          },
          {
            "date": "2010-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          },
          {
            "date": "2011-01-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-4597"
          },
          {
            "date": "2015-04-13T21:02:00",
            "db": "BID",
            "id": "45487"
          },
          {
            "date": "2011-01-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-002661"
          },
          {
            "date": "2011-01-11T06:46:27.093000",
            "db": "NVD",
            "id": "CVE-2010-4597"
          },
          {
            "date": "2010-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Remote Stack Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3307"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-313"
          }
        ],
        "trust": 1.2
      }
    }

    VAR-201012-0060

    Vulnerability from variot - Updated: 2023-12-18 13:53

    Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------

    Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

    Request a free trial: http://secunia.com/products/corporate/vim/


    TITLE: IntegraXor "file_name" File Disclosure Vulnerability

    SECUNIA ADVISORY ID: SA42730

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42730

    RELEASE DATE: 2010-12-23

    DISCUSS ADVISORY: http://secunia.com/advisories/42730/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/42730/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=42730

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Luigi Auriemma has discovered a vulnerability in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information.

    Input passed to the "file_name" parameter in "//open" (where "" is a valid project) is not properly verified before being used to display files.

    Successful exploitation requires the IntegraXor Server to be started and running a project (off by default).

    The vulnerability is confirmed in version 3.6.4000.0.

    SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists).

    PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma

    ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/integraxor_1-adv.txt

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0060",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 2.5,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 2.5,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.8,
            "vendor": "integraxor",
            "version": "3.5.3900.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.8,
            "vendor": "integraxor",
            "version": "3.5.3900.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.8,
            "vendor": "integraxor",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "3.6.4000.1 earlier"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=3.6.4000.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          },
          {
            "db": "BID",
            "id": "45535"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.6.4000.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Luigi Auriemma",
        "sources": [
          {
            "db": "BID",
            "id": "45535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2010-4598",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2010-4598",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "8876dc14-2355-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d73dd1e-463f-11e9-802e-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "431cff94-1fa5-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-4598",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#979776",
                "trust": 0.8,
                "value": "18.00"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201012-314",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "8876dc14-2355-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7d73dd1e-463f-11e9-802e-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "431cff94-1fa5-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. \nIntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor \"file_name\" File Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42730\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42730/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730\n\nRELEASE DATE:\n2010-12-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42730/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42730/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered a vulnerability in IntegraXor, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nInput passed to the \"file_name\" parameter in \"/\u003cproject name\u003e/open\"\n(where \"\u003cproject name\u003e\" is a valid project) is not properly verified\nbefore being used to display files. \n\nSuccessful exploitation requires the IntegraXor Server to be started\nand running a project (off by default). \n\nThe vulnerability is confirmed in version 3.6.4000.0. \n\nSOLUTION:\nRestrict access to trusted hosts only (e.g. via network access\ncontrol lists). \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/integraxor_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          },
          {
            "db": "BID",
            "id": "45535"
          },
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "PACKETSTORM",
            "id": "96914"
          }
        ],
        "trust": 4.5
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-4598",
            "trust": 4.1
          },
          {
            "db": "BID",
            "id": "45535",
            "trust": 3.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#979776",
            "trust": 2.9
          },
          {
            "db": "ICS CERT ALERT",
            "id": "ICS-ALERT-10-355-01",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "15802",
            "trust": 2.4
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-3304",
            "trust": 2.4
          },
          {
            "db": "SECUNIA",
            "id": "42730",
            "trust": 1.9
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332",
            "trust": 1.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-10-362-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "8876DC14-2355-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D73DD1E-463F-11E9-802E-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "431CFF94-1FA5-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D79F7A2-463F-11E9-B78D-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "96914",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          },
          {
            "db": "BID",
            "id": "45535"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "db": "PACKETSTORM",
            "id": "96914"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ]
      },
      "id": "VAR-201012-0060",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          }
        ],
        "trust": 2.27383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 2.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:53:39.616000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "IntegraXor 3.6 SCADA Security Issue 20101222-0323 Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-10-355-01.pdf"
          },
          {
            "trust": 2.5,
            "url": "http://aluigi.org/adv/integraxor_1-adv.txt"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/45535"
          },
          {
            "trust": 2.4,
            "url": "http://www.vupen.com/english/advisories/2010/3304"
          },
          {
            "trust": 2.1,
            "url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/979776"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/42730"
          },
          {
            "trust": 1.6,
            "url": "http://www.exploit-db.com/exploits/15802"
          },
          {
            "trust": 0.8,
            "url": "http://www.exploit-db.com/exploits/15802/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4598"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-362-01_ecava_integraxor_directory_traversal.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu979776"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4598"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/45535http"
          },
          {
            "trust": 0.3,
            "url": "http://www.ecava.com/index.htm"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://aluigi.altervista.org/adv/integraxor_1-adv.txt"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/42730/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/42730/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          },
          {
            "db": "BID",
            "id": "45535"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "db": "PACKETSTORM",
            "id": "96914"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          },
          {
            "db": "BID",
            "id": "45535"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "db": "PACKETSTORM",
            "id": "96914"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-12-24T00:00:00",
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "date": "2010-12-22T00:00:00",
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2010-12-22T00:00:00",
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "date": "2011-01-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "date": "2010-12-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          },
          {
            "date": "2010-12-21T00:00:00",
            "db": "BID",
            "id": "45535"
          },
          {
            "date": "2011-01-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "date": "2010-12-23T06:21:14",
            "db": "PACKETSTORM",
            "id": "96914"
          },
          {
            "date": "2010-12-23T18:00:03.977000",
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-01-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#979776"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "date": "2010-12-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3332"
          },
          {
            "date": "2011-01-11T15:22:00",
            "db": "BID",
            "id": "45535"
          },
          {
            "date": "2011-01-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001001"
          },
          {
            "date": "2011-01-14T06:48:40.307000",
            "db": "NVD",
            "id": "CVE-2010-4598"
          },
          {
            "date": "2010-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Directory Traversal Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "8876dc14-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-314"
          }
        ],
        "trust": 1.4
      }
    }

    VAR-201204-0146

    Vulnerability from variot - Updated: 2023-12-18 13:49

    Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. Ecava IntegraXor versions prior to 3.71.4200 are vulnerable. ----------------------------------------------------------------------

    Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch


    TITLE: IntegraXor Project ActiveX Control Insecure Method

    SECUNIA ADVISORY ID: SA48558

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48558

    RELEASE DATE: 2012-03-28

    DISCUSS ADVISORY: http://secunia.com/advisories/48558/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/48558/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=48558

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a user's system.

    Successful exploitation may allow execution of arbitrary code.

    SOLUTION: Update to version 3.71.4200.

    PROVIDED AND/OR DISCOVERED BY: US-CERT credits Billy Rios and Terry McCorkle.

    ORIGINAL ADVISORY: US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0146",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 2.5,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "3.60.4061"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.60.4032"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.60.4050"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "3.71.4200"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "3.60.4061"
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.71.4200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.5.3900.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.5.3900.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.6.4000.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.60"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "db": "BID",
            "id": "52763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.60.4061",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios and Terry McCorkle",
        "sources": [
          {
            "db": "BID",
            "id": "52763"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-0246",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2012-0246",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "f9d0942e-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-0246",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-535",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "f9d0942e-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nExploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. \nEcava IntegraXor versions prior to 3.71.4200 are vulnerable. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Project ActiveX Control Insecure Method\n\nSECUNIA ADVISORY ID:\nSA48558\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48558/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48558/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48558/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nSOLUTION:\nUpdate to version 3.71.4200. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Billy Rios and Terry McCorkle. \n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "db": "BID",
            "id": "52763"
          },
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "111325"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-0246",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-083-01",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "48558",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "80650",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "52763",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "F9D0942E-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "111325",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "db": "BID",
            "id": "52763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "db": "PACKETSTORM",
            "id": "111325"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ]
      },
      "id": "VAR-201204-0146",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:49:10.258000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/index.htm"
          },
          {
            "title": "IntegraXor 3.71 - DOWNLOAD",
            "trust": 0.8,
            "url": "http://www.integraxor.com/download.htm"
          },
          {
            "title": "Ecava IntegraXor \u0027igcom.dll\u0027 directory traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/14973"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/48558"
          },
          {
            "trust": 1.0,
            "url": "http://osvdb.org/80650"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0246"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0246"
          },
          {
            "trust": 0.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdfhttp"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/psi_30_beta_launch"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/48558/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/48558/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "db": "BID",
            "id": "52763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "db": "PACKETSTORM",
            "id": "111325"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "db": "BID",
            "id": "52763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "db": "PACKETSTORM",
            "id": "111325"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-30T00:00:00",
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2012-03-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "date": "2012-03-28T00:00:00",
            "db": "BID",
            "id": "52763"
          },
          {
            "date": "2012-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "date": "2012-03-28T09:00:21",
            "db": "PACKETSTORM",
            "id": "111325"
          },
          {
            "date": "2012-04-02T10:46:44.263000",
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "date": "2012-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "date": "2012-08-17T12:20:00",
            "db": "BID",
            "id": "52763"
          },
          {
            "date": "2012-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001978"
          },
          {
            "date": "2018-01-06T02:29:28.893000",
            "db": "NVD",
            "id": "CVE-2012-0246"
          },
          {
            "date": "2012-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor \u0027igcom.dll\u0027 Directory Traversal Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-1650"
          },
          {
            "db": "BID",
            "id": "52763"
          }
        ],
        "trust": 1.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-535"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201504-0076

    Vulnerability from variot - Updated: 2023-12-18 13:39

    Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. A local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0076",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4450"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "4.2.4488"
          },
          {
            "model": "integraxor scada server",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4488"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4450"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor scada server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.2.4488"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "db": "BID",
            "id": "73472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4450",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Praveen Darshanam",
        "sources": [
          {
            "db": "BID",
            "id": "73472"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0990",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-0990",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-02165",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "98f81d5e-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-0990",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-02165",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201504-051",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "98f81d5e-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-0990",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. \nA local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "db": "BID",
            "id": "73472"
          },
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0990"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0990",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-090-02",
            "trust": 2.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "73472",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "98F81D5E-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0990",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0990"
          },
          {
            "db": "BID",
            "id": "73472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "id": "VAR-201504-0076",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          }
        ],
        "trust": 1.0713851600000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:39:18.563000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "igsetup-4.2.4488.msi",
            "trust": 0.8,
            "url": "http://www.integraxor.com/download/rc.msi?4.2.4488"
          },
          {
            "title": "Patch for Ecava IntegraXor DLL Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/56916"
          },
          {
            "title": "igsetup-4.2.4488",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54805"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0990"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0990"
          },
          {
            "trust": 0.6,
            "url": "http://www.integraxor.com/download/rc.msi?4.2.4488"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/73472"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0990"
          },
          {
            "db": "BID",
            "id": "73472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0990"
          },
          {
            "db": "BID",
            "id": "73472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-04-03T00:00:00",
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-04-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "date": "2015-04-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0990"
          },
          {
            "date": "2015-03-31T00:00:00",
            "db": "BID",
            "id": "73472"
          },
          {
            "date": "2015-04-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "date": "2015-04-03T10:59:12.227000",
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "date": "2015-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-04-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-02165"
          },
          {
            "date": "2015-04-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0990"
          },
          {
            "date": "2015-03-31T00:00:00",
            "db": "BID",
            "id": "73472"
          },
          {
            "date": "2015-04-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          },
          {
            "date": "2015-04-03T15:17:54.550000",
            "db": "NVD",
            "id": "CVE-2015-0990"
          },
          {
            "date": "2015-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "73472"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor SCADA Server Vulnerability gained in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002079"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-051"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201104-0286

    Vulnerability from variot - Updated: 2023-12-18 13:34

    Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to an unspecified SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to IntegraXor 3.60.4050 are vulnerable. ----------------------------------------------------------------------

    Q1 Factsheets released:

    http://secunia.com/resources/factsheets/2011_vendor/


    TITLE: IntegraXor SQL Database Insecure Permissions Security Issue

    SECUNIA ADVISORY ID: SA44105

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44105

    RELEASE DATE: 2011-04-12

    DISCUSS ADVISORY: http://secunia.com/advisories/44105/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/44105/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=44105

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A security issue has been reported in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data.

    SOLUTION: Update to version 3.6.4000.5.

    PROVIDED AND/OR DISCOVERED BY: The vendor credits Dan Rosenberg, Virtual Security Research (VSR).

    ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201104-0286",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.60.4032"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.5"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "hmi 3.60"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "*"
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4050"
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "db": "BID",
            "id": "47019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.60",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dan Rosenberg",
        "sources": [
          {
            "db": "BID",
            "id": "47019"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-1562",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2011-1562",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-1562",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201104-024",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to an unspecified SQL-injection vulnerability because it fails to properly sanitize user-supplied input. \nExploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nVersions prior to IntegraXor 3.60.4050 are vulnerable. ----------------------------------------------------------------------\n\n\nQ1 Factsheets released:\n\nhttp://secunia.com/resources/factsheets/2011_vendor/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor SQL Database Insecure Permissions Security Issue\n\nSECUNIA ADVISORY ID:\nSA44105\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44105/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105\n\nRELEASE DATE:\n2011-04-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44105/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44105/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in IntegraXor, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation and manipulate certain data. \n\nSOLUTION:\nUpdate to version 3.6.4000.5. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Dan Rosenberg, Virtual Security Research (VSR). \n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "db": "BID",
            "id": "47019"
          },
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "100305"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "47019",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-11-082-01",
            "trust": 3.3
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1562",
            "trust": 3.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2011-0761",
            "trust": 1.6
          },
          {
            "db": "XF",
            "id": "66306",
            "trust": 1.4
          },
          {
            "db": "SECUNIA",
            "id": "44105",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "HTTP://WWW.US-CERT.GOV/CONTROL_SYSTEMS/PDF/ICSA-11-082-01.PDF",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "1BC35CBE-2355-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "C65F51E6-1F9A-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "100305",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "db": "BID",
            "id": "47019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "db": "PACKETSTORM",
            "id": "100305"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ]
      },
      "id": "VAR-201104-0286",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          }
        ],
        "trust": 1.27383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:34:56.173000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Issue SQL Unauthenticated Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"
          },
          {
            "title": "Ecava IntegraXor patch for unknown SQL injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/3394"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-082-01.pdf"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/47019"
          },
          {
            "trust": 1.9,
            "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"
          },
          {
            "trust": 1.6,
            "url": "http://www.vupen.com/english/advisories/2011/0761"
          },
          {
            "trust": 1.4,
            "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/66306"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/44105"
          },
          {
            "trust": 1.0,
            "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1562"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1562"
          },
          {
            "trust": 0.6,
            "url": "http://twitter.com/#!/djrbliss/status/50685527749431296"
          },
          {
            "trust": 0.3,
            "url": "http://www.ecava.com/index.htm"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44105/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44105/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/resources/factsheets/2011_vendor/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "db": "BID",
            "id": "47019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "db": "PACKETSTORM",
            "id": "100305"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "db": "BID",
            "id": "47019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "db": "PACKETSTORM",
            "id": "100305"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-03-25T00:00:00",
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-03-25T00:00:00",
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "date": "2011-03-23T00:00:00",
            "db": "BID",
            "id": "47019"
          },
          {
            "date": "2011-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "date": "2011-04-12T06:01:39",
            "db": "PACKETSTORM",
            "id": "100305"
          },
          {
            "date": "2011-04-05T15:19:35.587000",
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1239"
          },
          {
            "date": "2011-04-11T11:35:00",
            "db": "BID",
            "id": "47019"
          },
          {
            "date": "2011-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          },
          {
            "date": "2023-11-07T02:07:02.980000",
            "db": "NVD",
            "id": "CVE-2011-1562"
          },
          {
            "date": "2011-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor HMI Vulnerabilities that bypass authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001684"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-024"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201706-0471

    Vulnerability from variot - Updated: 2023-12-18 13:34

    A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IntegraXor versions 5.2.1231.0 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0471",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "ecava",
            "version": "5.2.1231.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "5.2.1231.0"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=5.2.1231.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4410"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4393"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "5.2.722.2"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "5.0.413.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "5.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4450"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4390"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4380"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4369"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4340"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.00"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.72"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.71.4200"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.71"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4061"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4050"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4032"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5"
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "6.0.522.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "BID",
            "id": "99164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2.1231.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Brian Martin of Tenable Security",
        "sources": [
          {
            "db": "BID",
            "id": "99164"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-6050",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-6050",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-15807",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6050",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6050",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-15807",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-882",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nIntegraXor versions 5.2.1231.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "BID",
            "id": "99164"
          },
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6050",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-171-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "99164",
            "trust": 2.5
          },
          {
            "db": "TENABLE",
            "id": "TRA-2017-24",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "36941",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "0852AA5F-E070-4AD6-AB62-B472502A6B07",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "BID",
            "id": "99164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "id": "VAR-201706-0471",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:34:11.109000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.integraxor.com/"
          },
          {
            "title": "Ecava IntegraXor SQL Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/98489"
          },
          {
            "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71126"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-171-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/99164"
          },
          {
            "trust": 1.0,
            "url": "https://www.tenable.com/security/research/tra-2017-24"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6050"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6050"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/36941"
          },
          {
            "trust": 0.3,
            "url": "https://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "BID",
            "id": "99164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "BID",
            "id": "99164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-21T00:00:00",
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "date": "2017-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "BID",
            "id": "99164"
          },
          {
            "date": "2017-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "date": "2017-06-21T19:29:00.337000",
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "BID",
            "id": "99164"
          },
          {
            "date": "2017-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005031"
          },
          {
            "date": "2017-11-08T02:29:04.037000",
            "db": "NVD",
            "id": "CVE-2017-6050"
          },
          {
            "date": "2017-06-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor SQL Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-15807"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-882"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201012-0061

    Vulnerability from variot - Updated: 2023-12-18 13:30

    Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dwmapi.dll It may be possible to get permission through the file. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. An untrusted search path vulnerability exists in Ecava IntegraXor 3.6.4000.0 and earlier. Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------

    Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

    Request a free trial: http://secunia.com/products/corporate/vim/


    TITLE: IntegraXor Insecure Library Loading Vulnerability

    SECUNIA ADVISORY ID: SA42734

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42734/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42734

    RELEASE DATE: 2010-12-23

    DISCUSS ADVISORY: http://secunia.com/advisories/42734/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/42734/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=42734

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system.

    The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a IGX file located on a remote WebDAV or SMB share.

    The vulnerability is confirmed in version 3.6.4000.0.

    SOLUTION: Do not open untrusted files.

    PROVIDED AND/OR DISCOVERED BY: Mister Teatime

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0061",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=3.6.4000.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.6.4000.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "db": "BID",
            "id": "45549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mister Teatime",
        "sources": [
          {
            "db": "BID",
            "id": "45549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2010-4599",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 6.9,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2010-4599",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "8831bfda-2355-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-4599",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201012-315",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "8831bfda-2355-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dwmapi.dll It may be possible to get permission through the file. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. An untrusted search path vulnerability exists in Ecava IntegraXor 3.6.4000.0 and earlier. Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. \nIntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Insecure Library Loading Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42734\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42734/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734\n\nRELEASE DATE:\n2010-12-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42734/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42734/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to the application loading libraries\n(e.g. dwmapi.dll) in an insecure manner. This can be exploited to\nload arbitrary libraries by tricking a user into e.g. opening a IGX\nfile located on a remote WebDAV or SMB share. \n\nThe vulnerability is confirmed in version 3.6.4000.0. \n\nSOLUTION:\nDo not open untrusted files. \n\nPROVIDED AND/OR DISCOVERED BY:\nMister Teatime\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "db": "BID",
            "id": "45549"
          },
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "PACKETSTORM",
            "id": "96916"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-4599",
            "trust": 3.7
          },
          {
            "db": "BID",
            "id": "45549",
            "trust": 3.3
          },
          {
            "db": "SECUNIA",
            "id": "42734",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "8831BFDA-2355-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D73B60F-463F-11E9-BFE4-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "96916",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "db": "BID",
            "id": "45549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "db": "PACKETSTORM",
            "id": "96916"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ]
      },
      "id": "VAR-201012-0061",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          }
        ],
        "trust": 1.27383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:30:05.742000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "integraxor-3-6-4000-0-dated-17-dec-2010-change-log",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/integraxor-3-6-4000-0-dated-17-dec-2010-change-log"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://www.securityfocus.com/bid/45549"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/42734"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4599"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4599"
          },
          {
            "trust": 0.3,
            "url": "http://blog.rapid7.com/?p=5325"
          },
          {
            "trust": 0.3,
            "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
          },
          {
            "trust": 0.3,
            "url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
          },
          {
            "trust": 0.3,
            "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
          },
          {
            "trust": 0.3,
            "url": "http://www.ecava.com/index.htm"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/42734/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/42734/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "db": "BID",
            "id": "45549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "db": "PACKETSTORM",
            "id": "96916"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "db": "BID",
            "id": "45549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "db": "PACKETSTORM",
            "id": "96916"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-12-24T00:00:00",
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "date": "2010-12-22T00:00:00",
            "db": "BID",
            "id": "45549"
          },
          {
            "date": "2011-01-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "date": "2010-12-23T06:21:20",
            "db": "PACKETSTORM",
            "id": "96916"
          },
          {
            "date": "2010-12-23T18:00:04.027000",
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "date": "2010-12-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "date": "2015-04-13T21:02:00",
            "db": "BID",
            "id": "45549"
          },
          {
            "date": "2011-01-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-002669"
          },
          {
            "date": "2011-01-11T06:46:27.343000",
            "db": "NVD",
            "id": "CVE-2010-4599"
          },
          {
            "date": "2010-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Untrusted Search Path Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3388"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "8831bfda-2355-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201012-315"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201702-0293

    Vulnerability from variot - Updated: 2023-12-18 13:14

    An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An attacker could exploit the vulnerability to compromise an affected application, access or modify data, or exploit a potential vulnerability in the underlying database. IntegraXor version 5.0.413.0 is vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0293",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 3.3,
            "vendor": "ecava",
            "version": "5.0.413.0"
          },
          {
            "model": "integraxor",
            "scope": null,
            "trust": 1.4,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "5.2.722.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "5.0.413.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "db": "BID",
            "id": "95907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:5.0.413.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Brian Gorenc and Juan Pablo Lopez",
        "sources": [
          {
            "db": "BID",
            "id": "95907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-8341",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-8341",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 2.2,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-01510",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-8341",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-8341",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-8341",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-01510",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-256",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host\u0027s database could be subject to read, write, and delete commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries.  An attacker can leverage this vulnerability to  execute arbitrary code in the context of the current process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An attacker could exploit the vulnerability to compromise an affected application, access or modify data, or exploit a potential vulnerability in the underlying database. \nIntegraXor version 5.0.413.0 is vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "db": "BID",
            "id": "95907"
          },
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          }
        ],
        "trust": 3.87
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8341",
            "trust": 4.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-031-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "95907",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3824",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-059",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3849",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "B6A8EEC8-6FCF-4E17-AB05-5BEE56343E5A",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "db": "BID",
            "id": "95907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "id": "VAR-201702-0293",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:14:25.920000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Ecava has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-031-02"
          },
          {
            "title": "Ecava IGX SCADA",
            "trust": 0.8,
            "url": "https://www.integraxor.com/download-scada/"
          },
          {
            "title": "Ecava IntegraXor has multiple patches for SQL injection vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/89438"
          },
          {
            "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67544"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-031-02"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/95907"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8341"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8341"
          },
          {
            "trust": 0.3,
            "url": "http://ecava.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "db": "BID",
            "id": "95907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "db": "BID",
            "id": "95907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-17T00:00:00",
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "date": "2017-02-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "date": "2017-02-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "date": "2017-02-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "BID",
            "id": "95907"
          },
          {
            "date": "2017-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "date": "2017-02-13T21:59:00.597000",
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-059"
          },
          {
            "date": "2017-02-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-058"
          },
          {
            "date": "2017-02-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01510"
          },
          {
            "date": "2017-02-02T00:08:00",
            "db": "BID",
            "id": "95907"
          },
          {
            "date": "2017-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          },
          {
            "date": "2017-03-01T23:45:20.513000",
            "db": "NVD",
            "id": "CVE-2016-8341"
          },
          {
            "date": "2017-02-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor of  Web On the server  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007828"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-256"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201302-0027

    Vulnerability from variot - Updated: 2023-12-18 13:09

    Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. Ecava IntegraXor is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: IntegraXor ActiveX Control Buffer Overflow Vulnerability

    SECUNIA ADVISORY ID: SA52073

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52073

    RELEASE DATE: 2013-02-06

    DISCUSS ADVISORY: http://secunia.com/advisories/52073/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/52073/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=52073

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a vulnerable system.

    Successful exploitation may allow execution of arbitrary code.

    The vulnerability is reported in version 4.00 build 4250.0 and prior.

    SOLUTION: Update to version 4.00 build 4280.0.

    PROVIDED AND/OR DISCOVERED BY: Andrew Brooks

    ORIGINAL ADVISORY: ICS-CERT: http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201302-0027",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.72"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.71"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.00"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "scada server 4.00 build 4250.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.00"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.00.4250"
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.00.4280"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.71"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.72"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "57767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrew Brooks",
        "sources": [
          {
            "db": "BID",
            "id": "57767"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-4700",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2012-4700",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-4700",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201302-128",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. Ecava IntegraXor is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA52073\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52073/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073\n\nRELEASE DATE:\n2013-02-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52073/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52073/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in version 4.00 build 4250.0 and prior. \n\nSOLUTION:\nUpdate to version 4.00 build 4280.0. \n\nPROVIDED AND/OR DISCOVERED BY:\nAndrew Brooks\n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "db": "BID",
            "id": "57767"
          },
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "120110"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-4700",
            "trust": 2.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-036-02",
            "trust": 2.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "52073",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "57767",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "1AA8E3F0-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "120110",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "57767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "db": "PACKETSTORM",
            "id": "120110"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ]
      },
      "id": "VAR-201302-0027",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 0.47383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:09:36.109000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Issue for ActiveX enabled browser Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://ics-cert.us-cert.gov/pdf/icsa-13-036-02.pdf"
          },
          {
            "trust": 1.9,
            "url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4700"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4700"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/52073"
          },
          {
            "trust": 0.3,
            "url": "http://www.ecava.com/index.htm"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/52073/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/52073/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "57767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "db": "PACKETSTORM",
            "id": "120110"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "57767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "db": "PACKETSTORM",
            "id": "120110"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-02-18T00:00:00",
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-02-05T00:00:00",
            "db": "BID",
            "id": "57767"
          },
          {
            "date": "2013-02-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "date": "2013-02-07T07:09:34",
            "db": "PACKETSTORM",
            "id": "120110"
          },
          {
            "date": "2013-02-08T05:50:40.767000",
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "date": "2013-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-02-05T00:00:00",
            "db": "BID",
            "id": "57767"
          },
          {
            "date": "2013-02-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001446"
          },
          {
            "date": "2013-02-08T05:50:40.767000",
            "db": "NVD",
            "id": "CVE-2012-4700"
          },
          {
            "date": "2013-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IntegraXor ActiveX Control Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-128"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201401-0366

    Vulnerability from variot - Updated: 2023-12-18 12:58

    The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a sensitive information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain project directory information. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4369 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0366",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "ecava",
            "version": "3.71.4200"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.71"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.60.4061"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.00"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.72"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "4.1.4369"
          },
          {
            "model": "integraxor",
            "scope": null,
            "trust": 0.6,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.5.3900.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.5.3900.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.6.4000.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.60.4061"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.71"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.71.4200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "3.72"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "4.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "4.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "*"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4050"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4032"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "db": "BID",
            "id": "64351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4360",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alphazorx aka technically.screwed",
        "sources": [
          {
            "db": "BID",
            "id": "64351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-0752",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2014-0752",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-15287",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-00197",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "76051468-1ef7-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "524f1eec-2352-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-0752",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-15287",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00197",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201312-342",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "76051468-1ef7-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "524f1eec-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a sensitive information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain project directory information. Ecava IntegraXor is prone to an information-disclosure vulnerability. \nVersions prior to IntegraXor 4.1.4369 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "db": "BID",
            "id": "64351"
          },
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0752",
            "trust": 3.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-008-01",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "64351",
            "trust": 2.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "76051468-1EF7-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "524F1EEC-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "db": "BID",
            "id": "64351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ]
      },
      "id": "VAR-201401-0366",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          }
        ],
        "trust": 1.87383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:58:03.397000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ecava.com/"
          },
          {
            "title": "Security Issue for Project Directory Information Disclosure Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
          },
          {
            "title": "Ecava IntegraXor SCADA server any project backup file read vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/42265"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-008-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/64351"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0752"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0752"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "db": "BID",
            "id": "64351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "db": "BID",
            "id": "64351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-12-18T00:00:00",
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-01-13T00:00:00",
            "db": "IVD",
            "id": "524f1eec-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-12-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "date": "2014-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "date": "2013-12-15T00:00:00",
            "db": "BID",
            "id": "64351"
          },
          {
            "date": "2014-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "date": "2014-01-09T18:07:26.597000",
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "date": "2013-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-12-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "date": "2014-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00197"
          },
          {
            "date": "2014-01-09T13:21:00",
            "db": "BID",
            "id": "64351"
          },
          {
            "date": "2014-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001027"
          },
          {
            "date": "2014-01-10T14:56:26.270000",
            "db": "NVD",
            "id": "CVE-2014-0752"
          },
          {
            "date": "2014-01-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Project Directory Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "76051468-1ef7-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-15287"
          },
          {
            "db": "BID",
            "id": "64351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ],
        "trust": 1.7
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201312-342"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201712-0123

    Vulnerability from variot - Updated: 2023-12-18 12:37

    A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter provided to the getdata page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. Ecava IntegraXor 6.1.1030.1 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0123",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "ecava",
            "version": "6.1.1030.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "6.1.1030.1"
          },
          {
            "model": "integraxor",
            "scope": null,
            "trust": 0.7,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=6.1.1030.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "6.0.522.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1.1030.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley of Source Incite Michael DePlante and Brad Taylor",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-16735",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-16735",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-16735",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-37693",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-16735",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-16735",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2017-16735",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-37693",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-745",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor.  Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter provided to the getdata page.  The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries.  An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. \nEcava IntegraXor 6.1.1030.1 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-16735",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-03",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "102223",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5386",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1000",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-04",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "E2DFA810-39AB-11E9-84D4-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "id": "VAR-201712-0123",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:37:03.867000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.integraxor.com/"
          },
          {
            "title": "Ecava has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
          },
          {
            "title": "Patch for Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37693)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/111295"
          },
          {
            "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77237"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16735"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16735"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-04"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/102223"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-21T00:00:00",
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "BID",
            "id": "102223"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "date": "2017-12-20T19:29:00.350000",
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-20T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-1000"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37693"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "BID",
            "id": "102223"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          },
          {
            "date": "2018-01-04T20:08:51.900000",
            "db": "NVD",
            "id": "CVE-2017-16735"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011531"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-745"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201712-0122

    Vulnerability from variot - Updated: 2023-12-18 12:37

    A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. Authentication is not required to exploit this vulnerability.The specific flaw exists within the batchlist report page. When parsing the 'to' parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. An attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Ecava IntegraXor 6.1.1030.1 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0122",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "ecava",
            "version": "6.1.1030.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "6.1.1030.1"
          },
          {
            "model": "integraxor",
            "scope": null,
            "trust": 0.7,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=6.1.1030.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "6.0.522.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1.1030.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley of Source Incite Michael DePlante and Brad Taylor",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-16733",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-16733",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-37694",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-16733",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-16733",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2017-16733",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-37694",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-744",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.  Authentication is not required to exploit this vulnerability.The specific flaw exists within the batchlist report page.  When parsing the \u0027to\u0027 parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. \nAn attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nEcava IntegraXor 6.1.1030.1 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-16733",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-03",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "102223",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5385",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-999",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-04",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "E2DFCF22-39AB-11E9-9906-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "id": "VAR-201712-0122",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:37:03.827000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.integraxor.com/"
          },
          {
            "title": "Ecava has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
          },
          {
            "title": "Patch for Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37694)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/111297"
          },
          {
            "title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77236"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16733"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16733"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-04"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/102223"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "db": "BID",
            "id": "102223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-21T00:00:00",
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "BID",
            "id": "102223"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "date": "2017-12-20T19:29:00.317000",
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-20T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-999"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37694"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "BID",
            "id": "102223"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          },
          {
            "date": "2018-01-04T20:07:10.517000",
            "db": "NVD",
            "id": "CVE-2017-16733"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011530"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-744"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201409-0185

    Vulnerability from variot - Updated: 2023-12-18 12:30

    Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0185",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "beta 4.1.4392"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "stable 4.1.4360"
          },
          {
            "model": "integraxor scada server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "*"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4360"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "db": "BID",
            "id": "69774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4360",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4392",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alain Homewood",
        "sources": [
          {
            "db": "BID",
            "id": "69774"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2377",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2014-2377",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-05986",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-2377",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-05986",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201409-518",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "db": "BID",
            "id": "69774"
          },
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2377",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-224-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "69774",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "28EBCE7E-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "db": "BID",
            "id": "69774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "id": "VAR-201409-0185",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          }
        ],
        "trust": 1.0713851600000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:30:41.038000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/50102"
          },
          {
            "title": "igsetup-4.2.4470",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2377"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2377"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/69774"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "db": "BID",
            "id": "69774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "db": "BID",
            "id": "69774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69774"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "date": "2014-09-15T14:55:11.197000",
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69774"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004167"
          },
          {
            "date": "2014-09-16T13:31:13.060000",
            "db": "NVD",
            "id": "CVE-2014-2377"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05986"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-518"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201409-0184

    Vulnerability from variot - Updated: 2023-12-18 12:30

    SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor SCADA The server SQL An injection vulnerability exists.By any third party SQL The command may be executed. IntegraXor is based on web technology, and the IntegraXor server is indeed a standard web server that adds HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application, access or modify data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0184",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "beta 4.1.4392"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "stable 4.1.4360"
          },
          {
            "model": "integraxor scada server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "*"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4360"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "db": "BID",
            "id": "69772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4392",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4360",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alain Homewood",
        "sources": [
          {
            "db": "BID",
            "id": "69772"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2376",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2014-2376",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-05987",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "28f66f5a-2352-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-2376",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-05987",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201409-517",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "28f66f5a-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor SCADA The server SQL An injection vulnerability exists.By any third party SQL The command may be executed. IntegraXor is based on web technology, and the IntegraXor server is indeed a standard web server that adds HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application, access or modify data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "db": "BID",
            "id": "69772"
          },
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2376",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-224-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "69772",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "28F66F5A-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "db": "BID",
            "id": "69772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "id": "VAR-201409-0184",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          }
        ],
        "trust": 1.0713851600000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:30:41.003000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Ecava Integraxor SCADA Server SQL Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/50104"
          },
          {
            "title": "igsetup-4.2.4470",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2376"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2376"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/69772"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "db": "BID",
            "id": "69772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "db": "BID",
            "id": "69772"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69772"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "date": "2014-09-15T14:55:11.150000",
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-05987"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69772"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          },
          {
            "date": "2014-09-16T13:44:59.070000",
            "db": "NVD",
            "id": "CVE-2014-2376"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor SCADA On the server  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004166"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-517"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201409-0183

    Vulnerability from variot - Updated: 2023-12-18 12:30

    Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server that adds HMI/SCADA requirements. Ecava Integraxor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0183",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "beta 4.1.4392"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "stable 4.1.4360"
          },
          {
            "model": "integraxor scada server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "\u003c=4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "*"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4360"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "db": "BID",
            "id": "69767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4360",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4392",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrea Micalizzi",
        "sources": [
          {
            "db": "BID",
            "id": "69767"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2375",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2014-2375",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-05990",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-2375",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-05990",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201409-516",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server that adds HMI/SCADA requirements. Ecava Integraxor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. This  may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "db": "BID",
            "id": "69767"
          },
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2375",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-224-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "69767",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "28FE4BBC-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "db": "BID",
            "id": "69767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "id": "VAR-201409-0183",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          }
        ],
        "trust": 1.0713851600000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:30:40.969000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Ecava Integraxor SCADA Server patch for arbitrary file read and write vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/50105"
          },
          {
            "title": "igsetup-4.2.4470",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2375"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2375"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/69767"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "db": "BID",
            "id": "69767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "db": "BID",
            "id": "69767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69767"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "date": "2014-09-15T14:55:11.103000",
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69767"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004165"
          },
          {
            "date": "2014-09-16T13:47:49.977000",
            "db": "NVD",
            "id": "CVE-2014-2375"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava Integraxor SCADA Server Arbitrary file read and write vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-05990"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-516"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201405-0459

    Vulnerability from variot - Updated: 2023-12-18 12:30

    Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the "guest" user. The issue lies in the ability the retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4393 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0459",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1.4369"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1.4380"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1.4340"
          },
          {
            "model": "integraxor",
            "scope": null,
            "trust": 1.4,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4390"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "4.1.4393"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.x"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4390"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4392"
          },
          {
            "model": "integraxor scada server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.71.4200"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4050"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4032"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1.4340"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1.4360"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1.4369"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1.4380"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "db": "BID",
            "id": "69776"
          },
          {
            "db": "BID",
            "id": "66554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4380:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4390",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4340:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrea Micalizzi (rgod)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2014-0786",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0786",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2014-0786",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-02109",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "06e54bac-2352-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-0786",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-0786",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-02109",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201404-616",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "06e54bac-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the \"guest\" user.  The issue lies in the ability the retrieve all project credentials.  By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. \nVersions prior to IntegraXor 4.1.4393 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "db": "BID",
            "id": "69776"
          },
          {
            "db": "BID",
            "id": "66554"
          },
          {
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 4.14
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0786",
            "trust": 5.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-091-01",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "66554",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2310",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-369",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2041",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-224-01",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "69776",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "06E54BAC-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "db": "BID",
            "id": "69776"
          },
          {
            "db": "BID",
            "id": "66554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ]
      },
      "id": "VAR-201405-0459",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          }
        ],
        "trust": 1.0713851600000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:30:40.922000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Account Information Disclosure Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
          },
          {
            "title": "Ecava has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
          },
          {
            "title": "Ecava has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-091-01"
          },
          {
            "title": "Ecava IntegraXor Account Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/44617"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-091-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
          },
          {
            "trust": 1.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0786"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0786"
          },
          {
            "trust": 0.6,
            "url": "http://www.integraxor.com/blog/account-information-disclosure-vulnerability-note/"
          },
          {
            "trust": 0.6,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "db": "BID",
            "id": "69776"
          },
          {
            "db": "BID",
            "id": "66554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "db": "BID",
            "id": "69776"
          },
          {
            "db": "BID",
            "id": "66554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-03T00:00:00",
            "db": "IVD",
            "id": "06e54bac-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-10-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "date": "2014-05-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "date": "2014-04-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69776"
          },
          {
            "date": "2014-04-01T00:00:00",
            "db": "BID",
            "id": "66554"
          },
          {
            "date": "2014-05-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "date": "2014-05-01T01:56:10.490000",
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "date": "2014-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "date": "2014-05-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-117"
          },
          {
            "date": "2014-05-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02109"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69776"
          },
          {
            "date": "2014-10-29T00:59:00",
            "db": "BID",
            "id": "66554"
          },
          {
            "date": "2014-05-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002340"
          },
          {
            "date": "2014-05-01T16:18:09.443000",
            "db": "NVD",
            "id": "CVE-2014-0786"
          },
          {
            "date": "2014-05-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-369"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-117"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-616"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201604-0073

    Vulnerability from variot - Updated: 2023-12-18 12:20

    Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A remote attacker can exploit the vulnerability to steal cookies and log in as an administrator. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6. Multiple SQL-injection vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0073",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor build",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "5.04522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-2304",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-2304",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-02341",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "58b0282c-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-2304",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2304",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02341",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-318",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "58b0282c-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A remote attacker can exploit the vulnerability to steal cookies and log in as an administrator. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security  bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6.  Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal  cookie-based authentication credentials, compromise the application,  access or modify data, or exploit latent vulnerabilities in the  underlying database, gain access to sensitive information or bypass  security restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2304",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "86088",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "58B0282C-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ]
      },
      "id": "VAR-201604-0073",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:36.207000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/?utm_expid=85936669-18.g6a4ksnotkmqs1o7qp5nng.1\u0026utm_referrer=http%3a%2f%2fjvndb.jvn.jp%2fja%2fcontents%2f2016%2fjvndb-2016-002350.html"
          },
          {
            "title": "Patch for Ecava IntegraXor Information Disclosure Vulnerability (CNVD-2016-02341)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74344"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2304"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2304"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "IVD",
            "id": "58b0282c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "date": "2016-04-14T00:00:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-05-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "date": "2016-04-22T00:59:05.447000",
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "date": "2016-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02341"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-05-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          },
          {
            "date": "2016-04-28T18:15:24.497000",
            "db": "NVD",
            "id": "CVE-2016-2304"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Vulnerability in which important information is obtained",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002362"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-318"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201604-0069

    Vulnerability from variot - Updated: 2023-12-18 12:20

    Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0069",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor build",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "5.04522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-2300",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-2300",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-02334",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "58b67af6-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-2300",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2300",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02334",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-320",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "58b67af6-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security  bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2300",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "86088",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "58B67AF6-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ]
      },
      "id": "VAR-201604-0069",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:36.174000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Ecava IntegraXor Permissions bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74346"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2300"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2300"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "IVD",
            "id": "58b67af6-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "date": "2016-04-14T00:00:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "date": "2016-04-22T00:59:01.370000",
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "date": "2016-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02334"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          },
          {
            "date": "2016-04-27T18:16:14.233000",
            "db": "NVD",
            "id": "CVE-2016-2300"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Vulnerabilities that bypass authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002345"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-320"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201604-0070

    Vulnerability from variot - Updated: 2023-12-18 12:20

    SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor is a web-based tool for Ecava Malaysia to create and run HMI interfaces (human machine interfaces) for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6. Multiple SQL-injection vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0070",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor build",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "5.04522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-2301",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-2301",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-02397",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "f20a055e-8897-11e7-a432-000c2975a0fc",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-2301",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2301",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02397",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-322",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "f20a055e-8897-11e7-a432-000c2975a0fc",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor is a web-based tool for Ecava Malaysia to create and run HMI interfaces (human machine interfaces) for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security  bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6.  Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal  cookie-based authentication credentials, compromise the application,  access or modify data, or exploit latent vulnerabilities in the  underlying database, gain access to sensitive information or bypass  security restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2301",
            "trust": 3.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "86088",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "F20A055E-8897-11E7-A432-000C2975A0FC",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "58B1F1E8-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ]
      },
      "id": "VAR-201604-0070",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          }
        ],
        "trust": 1.27383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:36.078000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Ecava IntegraXor SQL Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74422"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2301"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2301"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-20T00:00:00",
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "date": "2016-04-20T00:00:00",
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "date": "2016-04-14T00:00:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "date": "2016-04-22T00:59:02.637000",
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "date": "2016-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002346"
          },
          {
            "date": "2016-04-27T18:04:19.940000",
            "db": "NVD",
            "id": "CVE-2016-2301"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor SQL Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02397"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "f20a055e-8897-11e7-a432-000c2975a0fc"
          },
          {
            "db": "IVD",
            "id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-322"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201604-0072

    Vulnerability from variot - Updated: 2023-12-18 12:20

    CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Ecava IntegraXor Is CRLF An injection vulnerability exists. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. The Ecava IntegraXor HMI failed to properly handle specific elements in the input, allowing remote attackers to exploit the vulnerability to bypass security restrictions. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. Multiple SQL-injection vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0072",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor build",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "5.04522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-2303",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-2303",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-02330",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "58af9c0e-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-2303",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2303",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02330",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-319",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "58af9c0e-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Ecava IntegraXor Is CRLF An injection vulnerability exists. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. The Ecava IntegraXor HMI failed to properly handle specific elements in the input, allowing remote attackers to exploit the vulnerability to bypass security restrictions. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security  bypass vulnerabilities\n4.  Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal  cookie-based authentication credentials, compromise the application,  access or modify data, or exploit latent vulnerabilities in the  underlying database, gain access to sensitive information or bypass  security restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2303",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "86088",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "58AF9C0E-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ]
      },
      "id": "VAR-201604-0072",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:36.044000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Ecava IntegraXor HMI Permissions Bypass Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74340"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2303"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2303"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "IVD",
            "id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "date": "2016-04-14T00:00:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "date": "2016-04-22T00:59:04.540000",
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "date": "2016-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02330"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          },
          {
            "date": "2016-04-27T18:33:32.463000",
            "db": "NVD",
            "id": "CVE-2016-2303"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor In  CRLF Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002348"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-319"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201604-0075

    Vulnerability from variot - Updated: 2023-12-18 12:20

    The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A transport unencrypted vulnerability exists in versions of Ecava IntegraXor 5.0 build prior to 4522 that originated from the HMI web server transmitting unencrypted data. A remote attacker could exploit this vulnerability to gain full access to the affected system. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6. Multiple SQL-injection vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0075",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor build",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "5.04522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-2306",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2016-2306",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-02332",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "58b13578-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-2306",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2306",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02332",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-316",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "58b13578-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A transport unencrypted vulnerability exists in versions of Ecava IntegraXor 5.0 build prior to 4522 that originated from the HMI web server transmitting unencrypted data. A remote attacker could exploit this vulnerability to gain full access to the affected system. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security  bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6.  Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal  cookie-based authentication credentials, compromise the application,  access or modify data, or exploit latent vulnerabilities in the  underlying database, gain access to sensitive information or bypass  security restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2306",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "86088",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "58B13578-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ]
      },
      "id": "VAR-201604-0075",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:36.009000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Ecava IntegraXor transmits patches for unencrypted vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74341"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2306"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2306"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "IVD",
            "id": "58b13578-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "date": "2016-04-14T00:00:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "date": "2016-04-22T00:59:07.447000",
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "date": "2016-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02332"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          },
          {
            "date": "2016-04-27T18:12:48.483000",
            "db": "NVD",
            "id": "CVE-2016-2306"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor of  HMI Web Vulnerability in server that can retrieve important plaintext information",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002350"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-316"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201604-0074

    Vulnerability from variot - Updated: 2023-12-18 12:20

    Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6. Multiple SQL-injection vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0074",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor build",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "5.04522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-2305",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-2305",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-02333",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "58b0b288-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-2305",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2305",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02333",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-317",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "58b0b288-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security  bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6.  Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal  cookie-based authentication credentials, compromise the application,  access or modify data, or exploit latent vulnerabilities in the  underlying database, gain access to sensitive information or bypass  security restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2305",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "86088",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "58B0B288-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ]
      },
      "id": "VAR-201604-0074",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:35.974000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Patch for Ecava IntegraXor Cross-Site Scripting Vulnerability (CNVD-2016-02333)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74342"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2305"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2305"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "IVD",
            "id": "58b0b288-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "date": "2016-04-14T00:00:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "date": "2016-04-22T00:59:06.433000",
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "date": "2016-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02333"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          },
          {
            "date": "2016-04-27T18:35:16.613000",
            "db": "NVD",
            "id": "CVE-2016-2305"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002349"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-317"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201604-0071

    Vulnerability from variot - Updated: 2023-12-18 12:20

    Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. Multiple SQL-injection vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0071",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "5.0 build 4522"
          },
          {
            "model": "integraxor build",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "5.04522"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.2.4502"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.2.4502",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-2302",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-2302",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-02340",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "58aefd8a-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-2302",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-2302",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02340",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-321",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "58aefd8a-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-2302",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A Cross-site scripting vulnerability\n3. Multiple security  bypass vulnerabilities\n4. An authorization bypass vulnerability\n5.  Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal  cookie-based authentication credentials, compromise the application,  access or modify data, or exploit latent vulnerabilities in the  underlying database, gain access to sensitive information or bypass  security restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2302"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-2302",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-105-03",
            "trust": 3.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "86088",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "58AEFD8A-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2302",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2302"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ]
      },
      "id": "VAR-201604-0071",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:35.937000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.integraxor.com/"
          },
          {
            "title": "Patch for Ecava IntegraXor Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/74347"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2302"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2302"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/86088"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2302"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-2302"
          },
          {
            "db": "BID",
            "id": "86088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-2302"
          },
          {
            "date": "2016-04-14T00:00:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "date": "2016-04-22T00:59:03.620000",
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "date": "2016-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          },
          {
            "date": "2016-04-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-2302"
          },
          {
            "date": "2016-07-06T14:31:00",
            "db": "BID",
            "id": "86088"
          },
          {
            "date": "2016-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-002347"
          },
          {
            "date": "2016-04-27T18:11:28.973000",
            "db": "NVD",
            "id": "CVE-2016-2302"
          },
          {
            "date": "2016-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02340"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-321"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201107-0258

    Vulnerability from variot - Updated: 2023-12-18 12:10

    Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. A cross-site scripting vulnerability exists in Ecava IntegraXor. Because the application lacks filtering of user-submitted data, an attacker exploits a vulnerability to steal cookie-based authentication credentials and execute arbitrary code in an uninformed user's browser in the context of the affected site. Ecava IntegraXor is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Ecava IntegraXor versions prior to 3.60.4080 are vulnerable. ----------------------------------------------------------------------

    The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.

    Read more and request a free trial: http://secunia.com/products/corporate/vim/


    TITLE: IntegraXor Unspecified Cross-Site Scripting Vulnerability

    SECUNIA ADVISORY ID: SA44321

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44321/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44321

    RELEASE DATE: 2011-08-03

    DISCUSS ADVISORY: http://secunia.com/advisories/44321/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/44321/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=44321

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Certain unspecified input is not properly sanitised before being returned to the user.

    SOLUTION: Update to version 3.60 Build 4080.

    PROVIDED AND/OR DISCOVERED BY: An anonymous researcher via ICS CERT.

    ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/security-issue-xss-vulnerability-note

    ICS CERT (ICSA-11-147-02): http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201107-0258",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "ecava",
            "version": "3.60"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "3.60.4061"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ecava",
            "version": "3.60.4061"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "3.x"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "3.60 (build 4080)"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4050"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4032"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.6.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5.4000.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.5"
          },
          {
            "model": "integraxor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ecava",
            "version": "3.60.4080"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.5.3900.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.5.3900.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.6.4000.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.60"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "db": "BID",
            "id": "73788"
          },
          {
            "db": "BID",
            "id": "48958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.60.4061",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "73788"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-2958",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2011-2958",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-2958",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201107-434",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. A cross-site scripting vulnerability exists in Ecava IntegraXor. Because the application lacks filtering of user-submitted data, an attacker exploits a vulnerability to steal cookie-based authentication credentials and execute arbitrary code in an uninformed user\u0027s browser in the context of the affected site. Ecava IntegraXor is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nEcava IntegraXor versions prior to 3.60.4080 are vulnerable. ----------------------------------------------------------------------\n\nThe Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. \n\nRead more and request a free trial:\nhttp://secunia.com/products/corporate/vim/\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Unspecified Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA44321\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44321/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321\n\nRELEASE DATE:\n2011-08-03\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44321/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44321/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to conduct cross-site scripting\nattacks. \n\nCertain unspecified input is not properly sanitised before being\nreturned to the user. \n\nSOLUTION:\nUpdate to version 3.60 Build 4080. \n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher via ICS CERT. \n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/security-issue-xss-vulnerability-note\n\nICS CERT (ICSA-11-147-02):\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "db": "BID",
            "id": "73788"
          },
          {
            "db": "BID",
            "id": "48958"
          },
          {
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "103691"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-11-147-02",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2958",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "48958",
            "trust": 1.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-064",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "68896",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "73788",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "C2A1AA96-2354-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "01AC8DC0-1F8E-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "SECUNIA",
            "id": "44321",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "103691",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "db": "BID",
            "id": "73788"
          },
          {
            "db": "BID",
            "id": "48958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "db": "PACKETSTORM",
            "id": "103691"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ]
      },
      "id": "VAR-201107-0258",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          }
        ],
        "trust": 1.27383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:10:35.023000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Issue XSS Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note"
          },
          {
            "title": "Patch for Ecava IntegraXor Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/4603"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-147-02.pdf"
          },
          {
            "trust": 2.3,
            "url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/48958"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2958"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2958"
          },
          {
            "trust": 0.3,
            "url": "http://xforce.iss.net/xforce/xfdb/68896"
          },
          {
            "trust": 0.3,
            "url": "http://www.ecava.com/index.htm"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44321/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44321/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "db": "BID",
            "id": "73788"
          },
          {
            "db": "BID",
            "id": "48958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "db": "PACKETSTORM",
            "id": "103691"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "db": "BID",
            "id": "73788"
          },
          {
            "db": "BID",
            "id": "48958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "db": "PACKETSTORM",
            "id": "103691"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-29T00:00:00",
            "db": "IVD",
            "id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-08-03T00:00:00",
            "db": "IVD",
            "id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "date": "2011-07-28T00:00:00",
            "db": "BID",
            "id": "73788"
          },
          {
            "date": "2011-08-02T00:00:00",
            "db": "BID",
            "id": "48958"
          },
          {
            "date": "2011-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "date": "2011-08-03T03:38:13",
            "db": "PACKETSTORM",
            "id": "103691"
          },
          {
            "date": "2011-07-28T18:55:04.237000",
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "date": "2011-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-2970"
          },
          {
            "date": "2011-07-28T00:00:00",
            "db": "BID",
            "id": "73788"
          },
          {
            "date": "2011-08-02T00:00:00",
            "db": "BID",
            "id": "48958"
          },
          {
            "date": "2011-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003487"
          },
          {
            "date": "2017-08-29T01:29:53.287000",
            "db": "NVD",
            "id": "CVE-2011-2958"
          },
          {
            "date": "2011-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "date": "2011-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "103691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201107-434"
          }
        ],
        "trust": 1.3
      }
    }

    VAR-201401-0367

    Vulnerability from variot - Updated: 2023-12-18 12:08

    Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be exploited by an attacker using any resource in any DLL in the command loader's home folder. Successful exploitation of the vulnerability could cause an application to crash or execute arbitrary code in the application context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Successful exploits will allow attackers to crash the system, denying service to legitimate users. IntegraXor 4.1.4380 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0367",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.71"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.60.4061"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.00"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.5.3900.10"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.6.4000.0"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1.4360"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.71.4200"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "4.1"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.72"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ecava",
            "version": "3.5.3900.5"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4369"
          },
          {
            "model": "integraxor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ecava",
            "version": "4.1.4380"
          },
          {
            "model": "integraxor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ecava",
            "version": "4.1.4390"
          },
          {
            "model": "integraxor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ecava",
            "version": "4.1.4380"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.5.3900.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.5.3900.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.6.4000.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.60.4061"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.71"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.71.4200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "3.72"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1.4360"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "4.1.4369"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "integraxor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4380",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Luigi Auriemma at the S4 2014 conference",
        "sources": [
          {
            "db": "BID",
            "id": "64972"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0753",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-0753",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-00448",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "4761ae78-2352-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-0753",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00448",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-400",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "4761ae78-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be exploited by an attacker using any resource in any DLL in the command loader\u0027s home folder. Successful exploitation of the vulnerability could cause an application to crash or execute arbitrary code in the application context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. \nSuccessful exploits will allow attackers to crash the system, denying service to legitimate users. \nIntegraXor 4.1.4380 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "db": "BID",
            "id": "64972"
          },
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0753",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-016-01",
            "trust": 3.0
          },
          {
            "db": "OSVDB",
            "id": "102171",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "64972",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219",
            "trust": 0.8
          },
          {
            "db": "ICS CERT ALERT",
            "id": "ICS-ALERT-14-015-01",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "56529",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "4761AE78-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "db": "BID",
            "id": "64972"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ]
      },
      "id": "VAR-201401-0367",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          }
        ],
        "trust": 1.07383092
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:08:53.737000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Buffer Overflow Vulnerability Note",
            "trust": 0.8,
            "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/"
          },
          {
            "title": "Patch for Ecava IntegraXor Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/42590"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-016-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/"
          },
          {
            "trust": 1.0,
            "url": "http://osvdb.org/102171"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0753"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0753"
          },
          {
            "trust": 0.6,
            "url": "http://ics-cert.us-cert.gov/alerts/ics-alert-14-015-01"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/56529"
          },
          {
            "trust": 0.3,
            "url": "http://www.integraxor.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "db": "BID",
            "id": "64972"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "db": "BID",
            "id": "64972"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-21T00:00:00",
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-01-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "date": "2014-01-16T00:00:00",
            "db": "BID",
            "id": "64972"
          },
          {
            "date": "2014-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "date": "2014-01-21T01:55:03.620000",
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "date": "2014-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          },
          {
            "date": "2014-01-20T01:02:00",
            "db": "BID",
            "id": "64972"
          },
          {
            "date": "2014-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001219"
          },
          {
            "date": "2015-08-21T15:13:54.280000",
            "db": "NVD",
            "id": "CVE-2014-0753"
          },
          {
            "date": "2014-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00448"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "4761ae78-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-400"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202203-2060

    Vulnerability from variot - Updated: 2022-05-17 02:10

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2060",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": null,
            "trust": 0.7,
            "vendor": "ecava",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tran Van Khang - khangkito (VinCSS)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "ZDI-22-486",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-22-486",
                "trust": 0.7,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14381",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-486",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ]
      },
      "id": "VAR-202203-2060",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5752315
      },
      "last_update_date": "2022-05-17T02:10:25.526000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-486"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-202203-2081

    Vulnerability from variot - Updated: 2022-05-17 02:10

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2081",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": null,
            "trust": 0.7,
            "vendor": "ecava",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tran Van Khang - khangkito (VinCSS)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "ZDI-22-488",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-22-488",
                "trust": 0.7,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14383",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-488",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ]
      },
      "id": "VAR-202203-2081",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5752315
      },
      "last_update_date": "2022-05-17T02:10:25.516000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-488"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201312-0633

    Vulnerability from variot - Updated: 2022-05-17 02:09

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the storing of credentials in cleartext. The issue lies in the ability to bypass file access restrictions. This can be used along with the automatic creation of backup files, which are created whenever changes are made to a project. By abusing this flaw an attacker can disclose credentials and possibly leverage this situation to achieve remote code execution.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0633",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": null,
            "trust": 0.7,
            "vendor": "ecava",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alphazorx aka technically.screwed",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "ZDI-13-277",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-13-277",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the storing of credentials in cleartext.  The issue lies in the ability to bypass file access restrictions.  This can be used along with the automatic creation of backup files, which are created whenever changes are made to a project.  By abusing this flaw an attacker can disclose credentials and possibly leverage this situation to achieve remote code execution.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1988",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-277",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ]
      },
      "id": "VAR-201312-0633",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5752315
      },
      "last_update_date": "2022-05-17T02:09:05.466000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ecava IntegraXor Project Directory Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-277"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-202203-2055

    Vulnerability from variot - Updated: 2022-05-17 02:08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-2055",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integraxor",
            "scope": null,
            "trust": 0.7,
            "vendor": "ecava",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tran Van Khang - khangkito (VinCSS)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "ZDI-22-491",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-22-491",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14445",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-491",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ]
      },
      "id": "VAR-202203-2055",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5752315
      },
      "last_update_date": "2022-05-17T02:08:52.093000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-491"
          }
        ],
        "trust": 0.7
      }
    }