113 vulnerabilities found for IntegraXor by Ecava
VAR-201604-0068
Vulnerability from variot - Updated: 2024-02-13 22:39

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary_opt report requests. The vulnerability is caused by the lack of input validation before using remotely supplied strings to construct SQL queries. By sending a specially crafted request to a vulnerable system, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor failed to perform input validation. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": null,
"trust": 4.1,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"db": "BID",
"id": "86026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
},
{
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "BID",
"id": "86026"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
}
],
"trust": 3.0
},
"cve": "CVE-2016-2299",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2299",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 4.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02275",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-2299",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-2299",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-2299",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-02275",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-256",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-2299",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"db": "VULMON",
"id": "CVE-2016-2299"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
},
{
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary_opt report requests. The vulnerability is caused by the lack of input validation before using remotely supplied strings to construct SQL queries. By sending a specially crafted request to a vulnerable system, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor failed to perform input validation. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2299"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"db": "BID",
"id": "86026"
},
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2016-2299"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2299",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 2.8
},
{
"db": "ZDI",
"id": "ZDI-16-240",
"trust": 2.1
},
{
"db": "ZDI",
"id": "ZDI-16-236",
"trust": 2.1
},
{
"db": "ZDI",
"id": "ZDI-16-239",
"trust": 2.1
},
{
"db": "ZDI",
"id": "ZDI-16-237",
"trust": 2.1
},
{
"db": "ZDI",
"id": "ZDI-16-238",
"trust": 2.1
},
{
"db": "CNVD",
"id": "CNVD-2016-02275",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3322",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3325",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3321",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3326",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3320",
"trust": 0.7
},
{
"db": "BID",
"id": "86026",
"trust": 0.3
},
{
"db": "IVD",
"id": "58B5AA68-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2016-2299",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"db": "VULMON",
"id": "CVE-2016-2299"
},
{
"db": "BID",
"id": "86026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
},
{
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"id": "VAR-201604-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
}
]
},
"last_update_date": "2024-02-13T22:39:02.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ecava has produced a new release that addresses the reported vulnerabilities, as well as some identified security risks, in Version 5.0, build 4522. and https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03",
"trust": 3.5,
"url": "http://www.integraxor.com/download/beta.msi?5.0.4522.2"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com"
},
{
"title": "Patch for Ecava IntegraXor Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74223"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 6.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 4.1,
"url": "http://www.integraxor.com/download/beta.msi?5.0.4522.2"
},
{
"trust": 1.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-238"
},
{
"trust": 1.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-237"
},
{
"trust": 1.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-239"
},
{
"trust": 1.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-240"
},
{
"trust": 1.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-236"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2299"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2299"
},
{
"trust": 0.3,
"url": "http://ecava.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"db": "VULMON",
"id": "CVE-2016-2299"
},
{
"db": "BID",
"id": "86026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
},
{
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"db": "VULMON",
"id": "CVE-2016-2299"
},
{
"db": "BID",
"id": "86026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
},
{
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-18T00:00:00",
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"date": "2016-04-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"date": "2016-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2299"
},
{
"date": "2016-04-12T00:00:00",
"db": "BID",
"id": "86026"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"date": "2016-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-256"
},
{
"date": "2016-04-22T00:59:00.120000",
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-240"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-236"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-239"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-237"
},
{
"date": "2016-04-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-238"
},
{
"date": "2016-04-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02275"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2299"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86026"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002344"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-256"
},
{
"date": "2016-12-03T03:24:56.053000",
"db": "NVD",
"id": "CVE-2016-2299"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "58b5aa68-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-256"
}
],
"trust": 0.8
}
}
VAR-201012-0059
Vulnerability from variot - Updated: 2023-12-18 14:02

Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. Ecava IntegraXor contains a buffer overflow vulnerability: writing more than 1024 bytes can overflow a buffer on the stack. A third party with access to Ecava IntegraXor may be able to cause a denial of service (DoS) or execute arbitrary code. Ecava IntegraXor is a human-machine interface (HMI) product that uses HTML and SVG. When a request exceeds 1024 bytes, IntegraXor writes past the end of the buffer and corrupts memory. Successful exploitation can execute arbitrary instructions in the security context of the application. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition.
----------------------------------------------------------------------
TITLE: IntegraXor Project ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA42650
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42650/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42650
RELEASE DATE: 2010-12-27
DISCUSS ADVISORY: http://secunia.com/advisories/42650/#comments
DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 3.5.3900.5. Other versions may also be affected.
SOLUTION: Update to version 3.5.3900.10 or later.
PROVIDED AND/OR DISCOVERED BY: Jeremy Brown
ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 1.5,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "v3.5 (build 3900.10) earlier"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.10"
}
],
"sources": [
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#603928"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"db": "BID",
"id": "45487"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5.3900.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4597"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeremy Brown",
"sources": [
{
"db": "BID",
"id": "45487"
}
],
"trust": 0.3
},
"cve": "CVE-2010-4597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-4597",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-4597",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#603928",
"trust": 0.8,
"value": "21.83"
},
{
"author": "CNNVD",
"id": "CNNVD-201012-313",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2010-4597",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#603928"
},
{
"db": "VULMON",
"id": "CVE-2010-4597"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. Ecava IntegraXor contains a buffer overflow vulnerability. In Ecava IntegraXor, writing more than 1024 bytes can cause a buffer overflow on the stack. A third party with access to Ecava IntegraXor may be able to cause a service disruption (DoS) or execute arbitrary code. Ecava IntegraXor is a human interface product that uses HTML and SVG. When a request exceeds 1024 bytes, IntegraXor writes past the end of the buffer and corrupts memory. Successful exploitation of the vulnerability can execute arbitrary instructions in the security context of the application. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). 
\n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Project ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42650\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42650/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650\n\nRELEASE DATE:\n2010-12-27\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42650/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42650/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is confirmed in version 3.5.3900.5. Other versions\nmay also be affected. \n\nSOLUTION:\nUpdate to version 3.5.3900.10 or later. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nJeremy Brown\n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"db": "CERT/CC",
"id": "VU#603928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"db": "BID",
"id": "45487"
},
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2010-4597"
},
{
"db": "PACKETSTORM",
"id": "97061"
}
],
"trust": 3.87
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=15767",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4597"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#603928",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2010-4597",
"trust": 3.4
},
{
"db": "BID",
"id": "45487",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-10-322-01",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2010-3275",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "42650",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "15767",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201012-313",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2010-3307",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "16220",
"trust": 0.6
},
{
"db": "IVD",
"id": "8881EA8C-2355-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7ABAF0-463F-11E9-AF73-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "7C5841BA-1FA5-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2010-4597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97061",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#603928"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"db": "VULMON",
"id": "CVE-2010-4597"
},
{
"db": "BID",
"id": "45487"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"db": "PACKETSTORM",
"id": "97061"
},
{
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
]
},
"id": "VAR-201012-0059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
}
],
"trust": 1.47383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
}
]
},
"last_update_date": "2023-12-18T14:02:14.196000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IntegraXor 3.5 SCADA Security Issue 20101006-0109 Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note"
},
{
"title": "Patch for Ecava IntegraXor Remote Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/2206"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"db": "NVD",
"id": "CVE-2010-4597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/603928"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-322-01.pdf"
},
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/45487"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/3275"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/42650"
},
{
"trust": 1.8,
"url": "http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/15767"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4597"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu603928"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4597"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/603928http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/16220"
},
{
"trust": 0.3,
"url": "http://www.ecava.com/index.htm"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/15767/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42650/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42650"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42650/#comments"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#603928"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"db": "VULMON",
"id": "CVE-2010-4597"
},
{
"db": "BID",
"id": "45487"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"db": "PACKETSTORM",
"id": "97061"
},
{
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#603928"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"db": "VULMON",
"id": "CVE-2010-4597"
},
{
"db": "BID",
"id": "45487"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"db": "PACKETSTORM",
"id": "97061"
},
{
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-24T00:00:00",
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"date": "2010-12-21T00:00:00",
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"date": "2010-12-21T00:00:00",
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"date": "2010-12-17T00:00:00",
"db": "CERT/CC",
"id": "VU#603928"
},
{
"date": "2010-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"date": "2010-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2010-4597"
},
{
"date": "2010-12-16T00:00:00",
"db": "BID",
"id": "45487"
},
{
"date": "2011-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"date": "2010-12-27T07:39:20",
"db": "PACKETSTORM",
"id": "97061"
},
{
"date": "2010-12-23T18:00:03.823000",
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"date": "2010-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-21T00:00:00",
"db": "CERT/CC",
"id": "VU#603928"
},
{
"date": "2010-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3307"
},
{
"date": "2011-01-11T00:00:00",
"db": "VULMON",
"id": "CVE-2010-4597"
},
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "45487"
},
{
"date": "2011-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002661"
},
{
"date": "2011-01-11T06:46:27.093000",
"db": "NVD",
"id": "CVE-2010-4597"
},
{
"date": "2010-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Remote Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-3307"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "8881ea8c-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7abaf0-463f-11e9-af73-000c29342cb1"
},
{
"db": "IVD",
"id": "7c5841ba-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-313"
}
],
"trust": 1.2
}
}
VAR-201012-0060
Vulnerability from variot - Updated: 2023-12-18 13:53
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
TITLE: IntegraXor "file_name" File Disclosure Vulnerability
SECUNIA ADVISORY ID: SA42730
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42730
RELEASE DATE: 2010-12-23
DISCUSS ADVISORY: http://secunia.com/advisories/42730/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/42730/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42730
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Luigi Auriemma has discovered a vulnerability in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed to the "file_name" parameter in "/&lt;project name&gt;/open" (where "&lt;project name&gt;" is a valid project) is not properly verified before being used to display files.
Successful exploitation requires the IntegraXor Server to be started and running a project (off by default).
The vulnerability is confirmed in version 3.6.4000.0.
SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists).
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/integraxor_1-adv.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 2.5,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 2.5,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.5,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "integraxor",
"version": "3.5.3900.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "integraxor",
"version": "3.5.3900.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "integraxor",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "3.6.4000.1 earlier"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=3.6.4000.0"
}
],
"sources": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#979776"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNVD",
"id": "CNVD-2010-3332"
},
{
"db": "BID",
"id": "45535"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.6.4000.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4598"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "45535"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
],
"trust": 0.9
},
"cve": "CVE-2010-4598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2010-4598",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "8876dc14-2355-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-4598",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#979776",
"trust": 0.8,
"value": "18.00"
},
{
"author": "CNNVD",
"id": "CNNVD-201012-314",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#979776"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. \nIntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor \"file_name\" File Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42730\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42730/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730\n\nRELEASE DATE:\n2010-12-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42730/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42730/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered a vulnerability in IntegraXor, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nInput passed to the \"file_name\" parameter in \"/\u003cproject name\u003e/open\"\n(where \"\u003cproject name\u003e\" is a valid project) is not properly verified\nbefore being used to display files. \n\nSuccessful exploitation requires the IntegraXor Server to be started\nand running a project (off by default). \n\nThe vulnerability is confirmed in version 3.6.4000.0. \n\nSOLUTION:\nRestrict access to trusted hosts only (e.g. via network access\ncontrol lists). \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/integraxor_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. 
\nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"db": "CERT/CC",
"id": "VU#979776"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNVD",
"id": "CNVD-2010-3332"
},
{
"db": "BID",
"id": "45535"
},
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "96914"
}
],
"trust": 4.5
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-4598",
"trust": 4.1
},
{
"db": "BID",
"id": "45535",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#979776",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-10-355-01",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "15802",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2010-3304",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "42730",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2010-3389",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2010-3332",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-10-362-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001001",
"trust": 0.8
},
{
"db": "IVD",
"id": "8876DC14-2355-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D73DD1E-463F-11E9-802E-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "431CFF94-1FA5-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D79F7A2-463F-11E9-B78D-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "96914",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#979776"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNVD",
"id": "CNVD-2010-3332"
},
{
"db": "BID",
"id": "45535"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"db": "PACKETSTORM",
"id": "96914"
},
{
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
]
},
"id": "VAR-201012-0060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNVD",
"id": "CNVD-2010-3332"
}
],
"trust": 2.27383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.0
}
],
"sources": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNVD",
"id": "CNVD-2010-3332"
}
]
},
"last_update_date": "2023-12-18T13:53:39.616000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IntegraXor 3.6 SCADA Security Issue 20101222-0323 Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"db": "NVD",
"id": "CVE-2010-4598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-10-355-01.pdf"
},
{
"trust": 2.5,
"url": "http://aluigi.org/adv/integraxor_1-adv.txt"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/45535"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2010/3304"
},
{
"trust": 2.1,
"url": "http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/979776"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/42730"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/15802"
},
{
"trust": 0.8,
"url": "http://www.exploit-db.com/exploits/15802/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4598"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-362-01_ecava_integraxor_directory_traversal.pdf"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu979776"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4598"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/45535http"
},
{
"trust": 0.3,
"url": "http://www.ecava.com/index.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://aluigi.altervista.org/adv/integraxor_1-adv.txt"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42730/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42730/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42730"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#979776"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNVD",
"id": "CNVD-2010-3332"
},
{
"db": "BID",
"id": "45535"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"db": "PACKETSTORM",
"id": "96914"
},
{
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#979776"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNVD",
"id": "CNVD-2010-3332"
},
{
"db": "BID",
"id": "45535"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"db": "PACKETSTORM",
"id": "96914"
},
{
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-24T00:00:00",
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"date": "2010-12-24T00:00:00",
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"date": "2010-12-22T00:00:00",
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"date": "2010-12-22T00:00:00",
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"date": "2011-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#979776"
},
{
"date": "2010-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"date": "2010-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3332"
},
{
"date": "2010-12-21T00:00:00",
"db": "BID",
"id": "45535"
},
{
"date": "2011-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"date": "2010-12-23T06:21:14",
"db": "PACKETSTORM",
"id": "96914"
},
{
"date": "2010-12-23T18:00:03.977000",
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"date": "2010-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#979776"
},
{
"date": "2010-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"date": "2010-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3332"
},
{
"date": "2011-01-11T15:22:00",
"db": "BID",
"id": "45535"
},
{
"date": "2011-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001001"
},
{
"date": "2011-01-14T06:48:40.307000",
"db": "NVD",
"id": "CVE-2010-4598"
},
{
"date": "2010-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3389"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "8876dc14-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73dd1e-463f-11e9-802e-000c29342cb1"
},
{
"db": "IVD",
"id": "431cff94-1fa5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d79f7a2-463f-11e9-b78d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-314"
}
],
"trust": 1.4
}
}
VAR-201204-0146
Vulnerability from variot - Updated: 2023-12-18 13:49
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. Ecava IntegraXor versions prior to 3.71.4200 are vulnerable. The NVD CVSS v2 entry in this record (AV:N/AC:M/Au:N/C:C/I:C/A:C, base score 9.3) marks user interaction as required, and the advisory quoted below gives the update to version 3.71.4200 as the solution.
----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: IntegraXor Project ActiveX Control Insecure Method
SECUNIA ADVISORY ID: SA48558
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48558
RELEASE DATE: 2012-03-28
DISCUSS ADVISORY: http://secunia.com/advisories/48558/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48558/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48558
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a user's system.
Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to version 3.71.4200.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Billy Rios and Terry McCorkle.
ORIGINAL ADVISORY: US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 2.5,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "3.60.4061"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "3.60.4061"
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.5.3900.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.5.3900.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.6.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"db": "BID",
"id": "52763"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.60.4061",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0246"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Terry McCorkle",
"sources": [
{
"db": "BID",
"id": "52763"
}
],
"trust": 0.3
},
"cve": "CVE-2012-0246",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-0246",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-0246",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-535",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nExploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. \nEcava IntegraXor versions prior to 3.71.4200 are vulnerable. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Project ActiveX Control Insecure Method\n\nSECUNIA ADVISORY ID:\nSA48558\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48558/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48558/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48558/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nSOLUTION:\nUpdate to version 3.71.4200. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Billy Rios and Terry McCorkle. \n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"db": "BID",
"id": "52763"
},
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "111325"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0246",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-083-01",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "48558",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "80650",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-1650",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-535",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978",
"trust": 0.8
},
{
"db": "BID",
"id": "52763",
"trust": 0.3
},
{
"db": "IVD",
"id": "F9D0942E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "111325",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"db": "BID",
"id": "52763"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"db": "PACKETSTORM",
"id": "111325"
},
{
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
]
},
"id": "VAR-201204-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1650"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1650"
}
]
},
"last_update_date": "2023-12-18T13:49:10.258000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/index.htm"
},
{
"title": "IntegraXor 3.71 - DOWNLOAD",
"trust": 0.8,
"url": "http://www.integraxor.com/download.htm"
},
{
"title": "Ecava IntegraXor \u0027igcom.dll\u0027 directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/14973"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"db": "NVD",
"id": "CVE-2012-0246"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdf"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/48558"
},
{
"trust": 1.0,
"url": "http://osvdb.org/80650"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0246"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0246"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-083-01.pdfhttp"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48558"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48558/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48558/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"db": "BID",
"id": "52763"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"db": "PACKETSTORM",
"id": "111325"
},
{
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"db": "BID",
"id": "52763"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"db": "PACKETSTORM",
"id": "111325"
},
{
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-30T00:00:00",
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"date": "2012-03-28T00:00:00",
"db": "BID",
"id": "52763"
},
{
"date": "2012-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"date": "2012-03-28T09:00:21",
"db": "PACKETSTORM",
"id": "111325"
},
{
"date": "2012-04-02T10:46:44.263000",
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"date": "2012-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"date": "2012-08-17T12:20:00",
"db": "BID",
"id": "52763"
},
{
"date": "2012-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001978"
},
{
"date": "2018-01-06T02:29:28.893000",
"db": "NVD",
"id": "CVE-2012-0246"
},
{
"date": "2012-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor \u0027igcom.dll\u0027 Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1650"
},
{
"db": "BID",
"id": "52763"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "f9d0942e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-535"
}
],
"trust": 0.8
}
}
VAR-201504-0076
Vulnerability from variot - Updated: 2023-12-18 13:39
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html). A local user may gain privileges through a renamed DLL in the default installation directory. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server versions prior to 4.2.4488 have a security vulnerability in the handling of renamed malicious DLLs. If an attacker placed an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. A local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions. Note that the sources aggregated in this record disagree: NVD classifies the issue as NVD-CWE-Other and scores it as local (AV:L/AC:M/Au:N/C:P/I:P/A:P, 4.4), while the CNVD and IVD entries score it as network-reachable (AV:N/AC:M/Au:N/C:P/I:N/A:N, 4.3); the local vector is the one consistent with the description above.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4450"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "4.2.4488"
},
{
"model": "integraxor scada server",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4488"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4450"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "4.2.4488"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4450",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Praveen Darshanam",
"sources": [
{
"db": "BID",
"id": "73472"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-0990",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0990",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02165",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-051",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0990",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities. \nA local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0990",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-02",
"trust": 2.8
},
{
"db": "CNVD",
"id": "CNVD-2015-02165",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079",
"trust": 0.8
},
{
"db": "BID",
"id": "73472",
"trust": 0.4
},
{
"db": "IVD",
"id": "98F81D5E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2015-0990",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"id": "VAR-201504-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
}
]
},
"last_update_date": "2023-12-18T13:39:18.563000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "igsetup-4.2.4488.msi",
"trust": 0.8,
"url": "http://www.integraxor.com/download/rc.msi?4.2.4488"
},
{
"title": "Patch for Ecava IntegraXor DLL Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/56916"
},
{
"title": "igsetup-4.2.4488",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54805"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0990"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0990"
},
{
"trust": 0.6,
"url": "http://www.integraxor.com/download/rc.msi?4.2.4488"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73472"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"db": "BID",
"id": "73472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73472"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"date": "2015-04-03T10:59:12.227000",
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02165"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0990"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73472"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002079"
},
{
"date": "2015-04-03T15:17:54.550000",
"db": "NVD",
"id": "CVE-2015-0990"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "73472"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA Server Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002079"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "98f81d5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-051"
}
],
"trust": 0.8
}
}
VAR-201104-0286
Vulnerability from variot - Updated: 2023-12-18 13:34
Ecava IntegraXor HMI before 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to an unspecified SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to IntegraXor 3.60.4050 are vulnerable. Note that the aggregated sources name different fixed versions (3.60 Build 4032, 3.60.4050, and 3.6.4000.5 in the Secunia advisory quoted below), so the fixed build should be confirmed against the vendor advisory.
----------------------------------------------------------------------
Q1 Factsheets released:
http://secunia.com/resources/factsheets/2011_vendor/
TITLE: IntegraXor SQL Database Insecure Permissions Security Issue
SECUNIA ADVISORY ID: SA44105
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44105
RELEASE DATE: 2011-04-12
DISCUSS ADVISORY: http://secunia.com/advisories/44105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44105/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A security issue has been reported in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data.
SOLUTION: Update to version 3.6.4000.5.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Dan Rosenberg, Virtual Security Research (VSR).
ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201104-0286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 1.5,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.5"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "hmi 3.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
}
],
"sources": [
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"db": "BID",
"id": "47019"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.60",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1562"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dan Rosenberg",
"sources": [
{
"db": "BID",
"id": "47019"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1562",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-1562",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1562",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201104-024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to an unspecified SQL-injection vulnerability because it fails to properly sanitize user-supplied input. \nExploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nVersions prior to IntegraXor 3.60.4050 are vulnerable. ----------------------------------------------------------------------\n\n\nQ1 Factsheets released:\n\nhttp://secunia.com/resources/factsheets/2011_vendor/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor SQL Database Insecure Permissions Security Issue\n\nSECUNIA ADVISORY ID:\nSA44105\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44105/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105\n\nRELEASE DATE:\n2011-04-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44105/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44105/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in IntegraXor, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation and manipulate certain data. \n\nSOLUTION:\nUpdate to version 3.6.4000.5. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Dan Rosenberg, Virtual Security Research (VSR). \n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"db": "BID",
"id": "47019"
},
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "100305"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "47019",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-11-082-01",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2011-1562",
"trust": 3.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0761",
"trust": 1.6
},
{
"db": "XF",
"id": "66306",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "44105",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-1239",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201104-024",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "HTTP://WWW.US-CERT.GOV/CONTROL_SYSTEMS/PDF/ICSA-11-082-01.PDF",
"trust": 0.6
},
{
"db": "IVD",
"id": "1BC35CBE-2355-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "C65F51E6-1F9A-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "100305",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"db": "BID",
"id": "47019"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"db": "PACKETSTORM",
"id": "100305"
},
{
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
]
},
"id": "VAR-201104-0286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1239"
}
],
"trust": 1.27383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1239"
}
]
},
"last_update_date": "2023-12-18T13:34:56.173000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Issue SQL Unauthenticated Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"
},
{
"title": "Ecava IntegraXor patch for unknown SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/3394"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"db": "NVD",
"id": "CVE-2011-1562"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-082-01.pdf"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/47019"
},
{
"trust": 1.9,
"url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2011/0761"
},
{
"trust": 1.4,
"url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/66306"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/44105"
},
{
"trust": 1.0,
"url": "http://twitter.com/#%21/djrbliss/status/50685527749431296"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1562"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1562"
},
{
"trust": 0.6,
"url": "http://twitter.com/#!/djrbliss/status/50685527749431296"
},
{
"trust": 0.3,
"url": "http://www.ecava.com/index.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44105/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44105"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44105/"
},
{
"trust": 0.1,
"url": "http://secunia.com/resources/factsheets/2011_vendor/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"db": "BID",
"id": "47019"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"db": "PACKETSTORM",
"id": "100305"
},
{
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"db": "BID",
"id": "47019"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"db": "PACKETSTORM",
"id": "100305"
},
{
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-25T00:00:00",
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"date": "2011-03-25T00:00:00",
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"date": "2011-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"date": "2011-03-23T00:00:00",
"db": "BID",
"id": "47019"
},
{
"date": "2011-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"date": "2011-04-12T06:01:39",
"db": "PACKETSTORM",
"id": "100305"
},
{
"date": "2011-04-05T15:19:35.587000",
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"date": "2011-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1239"
},
{
"date": "2011-04-11T11:35:00",
"db": "BID",
"id": "47019"
},
{
"date": "2011-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001684"
},
{
"date": "2023-11-07T02:07:02.980000",
"db": "NVD",
"id": "CVE-2011-1562"
},
{
"date": "2011-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor HMI Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001684"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "1bc35cbe-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c65f51e6-1f9a-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-024"
}
],
"trust": 1.0
}
}
VAR-201706-0471
Vulnerability from variot - Updated: 2023-12-18 13:34
A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IntegraXor versions 5.2.1231.0 and prior are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0471",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.8,
"vendor": "ecava",
"version": "5.2.1231.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "5.2.1231.0"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=5.2.1231.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4410"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4393"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "5.2.722.2"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "5.0.413.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "5.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4450"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4390"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4380"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4369"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4340"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.00"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.72"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.71"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4061"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5"
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "6.0.522.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "BID",
"id": "99164"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.1231.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6050"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Martin of Tenable Security",
"sources": [
{
"db": "BID",
"id": "99164"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6050",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6050",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-15807",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6050",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6050",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-15807",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-882",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nIntegraXor versions 5.2.1231.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "BID",
"id": "99164"
},
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6050",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-171-01",
"trust": 3.3
},
{
"db": "BID",
"id": "99164",
"trust": 2.5
},
{
"db": "TENABLE",
"id": "TRA-2017-24",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2017-15807",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "36941",
"trust": 0.6
},
{
"db": "IVD",
"id": "0852AA5F-E070-4AD6-AB62-B472502A6B07",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "BID",
"id": "99164"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"id": "VAR-201706-0471",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"db": "CNVD",
"id": "CNVD-2017-15807"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"db": "CNVD",
"id": "CNVD-2017-15807"
}
]
},
"last_update_date": "2023-12-18T13:34:11.109000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.integraxor.com/"
},
{
"title": "Ecava IntegraXor SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/98489"
},
{
"title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71126"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "NVD",
"id": "CVE-2017-6050"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-171-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/99164"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/research/tra-2017-24"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6050"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6050"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36941"
},
{
"trust": 0.3,
"url": "https://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "BID",
"id": "99164"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "BID",
"id": "99164"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-21T00:00:00",
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"date": "2017-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"date": "2017-06-20T00:00:00",
"db": "BID",
"id": "99164"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"date": "2017-06-21T19:29:00.337000",
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"date": "2017-06-20T00:00:00",
"db": "BID",
"id": "99164"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005031"
},
{
"date": "2017-11-08T02:29:04.037000",
"db": "NVD",
"id": "CVE-2017-6050"
},
{
"date": "2017-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-15807"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "0852aa5f-e070-4ad6-ab62-b472502a6b07"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-882"
}
],
"trust": 0.8
}
}
VAR-201012-0061
Vulnerability from variot - Updated: 2023-12-18 13:30
Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It may be possible to gain privileges through the dwmapi.dll file. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. An untrusted search path vulnerability exists in Ecava IntegraXor 3.6.4000.0 and earlier. Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: IntegraXor Insecure Library Loading Vulnerability
SECUNIA ADVISORY ID: SA42734
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42734/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42734
RELEASE DATE: 2010-12-23
DISCUSS ADVISORY: http://secunia.com/advisories/42734/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/42734/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42734
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an IGX file located on a remote WebDAV or SMB share.
The vulnerability is confirmed in version 3.6.4000.0.
SOLUTION: Do not open untrusted files.
PROVIDED AND/OR DISCOVERED BY: Mister Teatime
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 2.7,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=3.6.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.6.4000.0"
}
],
"sources": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"db": "BID",
"id": "45549"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4599"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mister Teatime",
"sources": [
{
"db": "BID",
"id": "45549"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
],
"trust": 0.9
},
"cve": "CVE-2010-4599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-4599",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "8831bfda-2355-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-4599",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201012-315",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dwmapi.dll It may be possible to get permission through the file. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. An untrusted search path vulnerability exists in Ecava IntegraXor 3.6.4000.0 and earlier. Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. \nIntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). 
\n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Insecure Library Loading Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42734\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42734/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734\n\nRELEASE DATE:\n2010-12-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42734/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42734/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in IntegraXor, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to the application loading libraries\n(e.g. dwmapi.dll) in an insecure manner. This can be exploited to\nload arbitrary libraries by tricking a user into e.g. opening a IGX\nfile located on a remote WebDAV or SMB share. \n\nThe vulnerability is confirmed in version 3.6.4000.0. \n\nSOLUTION:\nDo not open untrusted files. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nMister Teatime\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"db": "BID",
"id": "45549"
},
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "96916"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-4599",
"trust": 3.7
},
{
"db": "BID",
"id": "45549",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "42734",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2010-3388",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002669",
"trust": 0.8
},
{
"db": "IVD",
"id": "8831BFDA-2355-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D73B60F-463F-11E9-BFE4-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "96916",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"db": "BID",
"id": "45549"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"db": "PACKETSTORM",
"id": "96916"
},
{
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
]
},
"id": "VAR-201012-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3388"
}
],
"trust": 1.27383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3388"
}
]
},
"last_update_date": "2023-12-18T13:30:05.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "integraxor-3-6-4000-0-dated-17-dec-2010-change-log",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/integraxor-3-6-4000-0-dated-17-dec-2010-change-log"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"db": "NVD",
"id": "CVE-2010-4599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/45549"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/42734"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4599"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4599"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.3,
"url": "http://www.ecava.com/index.htm"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42734/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42734/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42734"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"db": "BID",
"id": "45549"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"db": "PACKETSTORM",
"id": "96916"
},
{
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"db": "BID",
"id": "45549"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"db": "PACKETSTORM",
"id": "96916"
},
{
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-24T00:00:00",
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"date": "2010-12-24T00:00:00",
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"date": "2010-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"date": "2010-12-22T00:00:00",
"db": "BID",
"id": "45549"
},
{
"date": "2011-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"date": "2010-12-23T06:21:20",
"db": "PACKETSTORM",
"id": "96916"
},
{
"date": "2010-12-23T18:00:04.027000",
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"date": "2010-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "45549"
},
{
"date": "2011-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002669"
},
{
"date": "2011-01-11T06:46:27.343000",
"db": "NVD",
"id": "CVE-2010-4599"
},
{
"date": "2010-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Untrusted Search Path Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3388"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "8831bfda-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d73b60f-463f-11e9-bfe4-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-315"
}
],
"trust": 1.0
}
}
VAR-201702-0293
Vulnerability from variot - Updated: 2023-12-18 13:14
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An attacker could exploit the vulnerability to compromise an affected application, access or modify data, or exploit a potential vulnerability in the underlying database. IntegraXor version 5.0.413.0 is vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0293",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 3.3,
"vendor": "ecava",
"version": "5.0.413.0"
},
{
"model": "integraxor",
"scope": null,
"trust": 1.4,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "5.2.722.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "5.0.413.0"
}
],
"sources": [
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"db": "BID",
"id": "95907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:5.0.413.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8341"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Gorenc and Juan Pablo Lopez",
"sources": [
{
"db": "BID",
"id": "95907"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8341",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8341",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 2.2,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01510",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8341",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8341",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2016-8341",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01510",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-256",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host\u0027s database could be subject to read, write, and delete commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An attacker could exploit the vulnerability to compromise an affected application, access or modify data, or exploit a potential vulnerability in the underlying database. \nIntegraXor version 5.0.413.0 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"db": "BID",
"id": "95907"
},
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8341",
"trust": 4.9
},
{
"db": "ICS CERT",
"id": "ICSA-17-031-02",
"trust": 2.7
},
{
"db": "BID",
"id": "95907",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-01510",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3824",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-059",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3849",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-058",
"trust": 0.7
},
{
"db": "IVD",
"id": "B6A8EEC8-6FCF-4E17-AB05-5BEE56343E5A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"db": "BID",
"id": "95907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"id": "VAR-201702-0293",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
}
]
},
"last_update_date": "2023-12-18T13:14:25.920000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ecava has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-031-02"
},
{
"title": "Ecava IGX SCADA",
"trust": 0.8,
"url": "https://www.integraxor.com/download-scada/"
},
{
"title": "Ecava IntegraXor has multiple patches for SQL injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89438"
},
{
"title": "Repair measures for Ecava IntegraXor SQL injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67544"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "NVD",
"id": "CVE-2016-8341"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-031-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/95907"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8341"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8341"
},
{
"trust": 0.3,
"url": "http://ecava.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"db": "BID",
"id": "95907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"db": "BID",
"id": "95907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-17T00:00:00",
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"date": "2017-02-07T00:00:00",
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"date": "2017-02-07T00:00:00",
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"date": "2017-01-31T00:00:00",
"db": "BID",
"id": "95907"
},
{
"date": "2017-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"date": "2017-02-13T21:59:00.597000",
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"date": "2017-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-07T00:00:00",
"db": "ZDI",
"id": "ZDI-17-059"
},
{
"date": "2017-02-07T00:00:00",
"db": "ZDI",
"id": "ZDI-17-058"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01510"
},
{
"date": "2017-02-02T00:08:00",
"db": "BID",
"id": "95907"
},
{
"date": "2017-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007828"
},
{
"date": "2017-03-01T23:45:20.513000",
"db": "NVD",
"id": "CVE-2016-8341"
},
{
"date": "2017-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the web server of Ecava IntegraXor",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007828"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "b6a8eec8-6fcf-4e17-ab05-5bee56343e5a"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-256"
}
],
"trust": 0.8
}
}
VAR-201302-0027
Vulnerability from variot - Updated: 2023-12-18 13:09
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. Ecava IntegraXor is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition.
----------------------------------------------------------------------
TITLE: IntegraXor ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA52073
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52073
RELEASE DATE: 2013-02-06
DISCUSS ADVISORY: http://secunia.com/advisories/52073/#comments
DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 4.00 build 4250.0 and prior.
SOLUTION: Update to version 4.00 build 4280.0.
PROVIDED AND/OR DISCOVERED BY: Andrew Brooks
ORIGINAL ADVISORY: ICS-CERT: http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201302-0027",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.72"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.71"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.00"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "scada server 4.00 build 4250.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.00"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.00.4250"
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "4.00.4280"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.71"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.72"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "57767"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4700"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Brooks",
"sources": [
{
"db": "BID",
"id": "57767"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4700",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4700",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4700",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201302-128",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. Ecava IntegraXor is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA52073\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52073/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073\n\nRELEASE DATE:\n2013-02-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52073/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52073/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. 
\n\nThe vulnerability is reported in version 4.00 build 4250.0 and prior. \n\nSOLUTION:\nUpdate to version 4.00 build 4280.0. \n\nPROVIDED AND/OR DISCOVERED BY:\nAndrew Brooks\n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"db": "BID",
"id": "57767"
},
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "120110"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4700",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSA-13-036-02",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001446",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52073",
"trust": 0.8
},
{
"db": "BID",
"id": "57767",
"trust": 0.3
},
{
"db": "IVD",
"id": "1AA8E3F0-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "120110",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "57767"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"db": "PACKETSTORM",
"id": "120110"
},
{
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
]
},
"id": "VAR-201302-0027",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 0.47383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2023-12-18T13:09:36.109000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Issue for ActiveX enabled browser Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"db": "NVD",
"id": "CVE-2012-4700"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-036-02.pdf"
},
{
"trust": 1.9,
"url": "http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4700"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4700"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52073"
},
{
"trust": 0.3,
"url": "http://www.ecava.com/index.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52073/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52073"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52073/"
}
],
"sources": [
{
"db": "BID",
"id": "57767"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"db": "PACKETSTORM",
"id": "120110"
},
{
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "57767"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"db": "PACKETSTORM",
"id": "120110"
},
{
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-18T00:00:00",
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-05T00:00:00",
"db": "BID",
"id": "57767"
},
{
"date": "2013-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"date": "2013-02-07T07:09:34",
"db": "PACKETSTORM",
"id": "120110"
},
{
"date": "2013-02-08T05:50:40.767000",
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"date": "2013-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-05T00:00:00",
"db": "BID",
"id": "57767"
},
{
"date": "2013-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001446"
},
{
"date": "2013-02-08T05:50:40.767000",
"db": "NVD",
"id": "CVE-2012-4700"
},
{
"date": "2013-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IntegraXor ActiveX Control Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "1aa8e3f0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-128"
}
],
"trust": 0.8
}
}
VAR-201401-0366
Vulnerability from variot - Updated: 2023-12-18 12:58
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Ecava IntegraXor is a human-machine interface (HMI) product that uses HTML and SVG. Ecava IntegraXor has a sensitive information disclosure vulnerability that allows an attacker to obtain project directory information. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4369 are vulnerable.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0366",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 1.9,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.9,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.9,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.9,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.71"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.60.4061"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.00"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.72"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.2,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "4.1.4369"
},
{
"model": "integraxor",
"scope": null,
"trust": 0.6,
"vendor": "ecava",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.5.3900.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.5.3900.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.6.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.60.4061"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.71"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.71.4200"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "3.72"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "4.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5"
}
],
"sources": [
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"db": "BID",
"id": "64351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0752"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alphazorx aka technically.screwed",
"sources": [
{
"db": "BID",
"id": "64351"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
],
"trust": 0.9
},
"cve": "CVE-2014-0752",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0752",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-15287",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00197",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "76051468-1ef7-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "524f1eec-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0752",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-15287",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00197",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-342",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a sensitive information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain project directory information. Ecava IntegraXor is prone to an information-disclosure vulnerability. \nVersions prior to IntegraXor 4.1.4369 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"db": "BID",
"id": "64351"
},
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0752",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-008-01",
"trust": 3.0
},
{
"db": "BID",
"id": "64351",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2013-15287",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-00197",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027",
"trust": 0.8
},
{
"db": "IVD",
"id": "76051468-1EF7-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "524F1EEC-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"db": "BID",
"id": "64351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
]
},
"id": "VAR-201401-0366",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
}
],
"trust": 1.87383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
}
]
},
"last_update_date": "2023-12-18T12:58:03.397000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ecava.com/"
},
{
"title": "Security Issue for Project Directory Information Disclosure Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
},
{
"title": "Ecava IntegraXor SCADA server any project backup file read vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42265"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"db": "NVD",
"id": "CVE-2014-0752"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-008-01"
},
{
"trust": 1.6,
"url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/64351"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0752"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0752"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"db": "BID",
"id": "64351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"db": "BID",
"id": "64351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"date": "2014-01-13T00:00:00",
"db": "IVD",
"id": "524f1eec-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"date": "2013-12-15T00:00:00",
"db": "BID",
"id": "64351"
},
{
"date": "2014-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"date": "2014-01-09T18:07:26.597000",
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"date": "2013-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00197"
},
{
"date": "2014-01-09T13:21:00",
"db": "BID",
"id": "64351"
},
{
"date": "2014-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001027"
},
{
"date": "2014-01-10T14:56:26.270000",
"db": "NVD",
"id": "CVE-2014-0752"
},
{
"date": "2014-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Project Directory Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "76051468-1ef7-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-15287"
},
{
"db": "BID",
"id": "64351"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-342"
}
],
"trust": 0.6
}
}
VAR-201712-0123
Vulnerability from variot - Updated: 2023-12-18 12:37
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter provided to the getdata page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. Ecava IntegraXor 6.1.1030.1 and prior versions are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.8,
"vendor": "ecava",
"version": "6.1.1030.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "6.1.1030.1"
},
{
"model": "integraxor",
"scope": null,
"trust": 0.7,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=6.1.1030.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "6.0.522.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.1030.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite Michael DePlante and Brad Taylor",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1000"
}
],
"trust": 0.7
},
"cve": "CVE-2017-16735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-16735",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-16735",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37693",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-16735",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16735",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2017-16735",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-37693",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-745",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the name parameter provided to the getdata page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Ecava IntegraXor is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. \nEcava IntegraXor 6.1.1030.1 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16735",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-353-03",
"trust": 2.7
},
{
"db": "BID",
"id": "102223",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-37693",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5386",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-1000",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-353-04",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DFA810-39AB-11E9-84D4-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"id": "VAR-201712-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
}
]
},
"last_update_date": "2023-12-18T12:37:03.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.integraxor.com/"
},
{
"title": "Ecava has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
},
{
"title": "Patch for Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37693)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111295"
},
{
"title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77237"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "NVD",
"id": "CVE-2017-16735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16735"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16735"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-04"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/102223"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102223"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"date": "2017-12-20T19:29:00.350000",
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-1000"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37693"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102223"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011531"
},
{
"date": "2018-01-04T20:08:51.900000",
"db": "NVD",
"id": "CVE-2017-16735"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2dfa810-39ab-11e9-84d4-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-745"
}
],
"trust": 0.8
}
}
VAR-201712-0122
Vulnerability from variot - Updated: 2023-12-18 12:37
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. A SQL Injection vulnerability has been identified that an attacker can leverage to disclose sensitive information from the database. Authentication is not required to exploit this vulnerability. The specific flaw exists within the batchlist report page. When parsing the 'to' parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. An attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Ecava IntegraXor 6.1.1030.1 and prior versions are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.8,
"vendor": "ecava",
"version": "6.1.1030.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "6.1.1030.1"
},
{
"model": "integraxor",
"scope": null,
"trust": 0.7,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=6.1.1030.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "6.0.522.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.1030.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite Michael DePlante and Brad Taylor",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-999"
}
],
"trust": 0.7
},
"cve": "CVE-2017-16733",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16733",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37694",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-16733",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16733",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2017-16733",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-37694",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-744",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. Authentication is not required to exploit this vulnerability.The specific flaw exists within the batchlist report page. When parsing the \u0027to\u0027 parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. \nAn attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nEcava IntegraXor 6.1.1030.1 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16733",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-353-03",
"trust": 2.7
},
{
"db": "BID",
"id": "102223",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-37694",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5385",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-999",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-353-04",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DFCF22-39AB-11E9-9906-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"id": "VAR-201712-0122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
}
]
},
"last_update_date": "2023-12-18T12:37:03.827000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.integraxor.com/"
},
{
"title": "Ecava has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
},
{
"title": "Patch for Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37694)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111297"
},
{
"title": "Ecava IntegraXor SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77236"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "NVD",
"id": "CVE-2017-16733"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16733"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16733"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-04"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/102223"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"db": "BID",
"id": "102223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102223"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"date": "2017-12-20T19:29:00.317000",
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-999"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37694"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102223"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011530"
},
{
"date": "2018-01-04T20:07:10.517000",
"db": "NVD",
"id": "CVE-2017-16733"
},
{
"date": "2017-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011530"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2dfcf22-39ab-11e9-9906-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-744"
}
],
"trust": 0.8
}
}
VAR-201409-0184
Vulnerability from variot - Updated: 2023-12-18 12:30
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. An SQL injection vulnerability exists in the Ecava IntegraXor SCADA server. Arbitrary SQL commands may be executed by a third party. IntegraXor is based on web technology, and the IntegraXor server is in effect a standard web server extended to meet HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application or to access or modify data.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "beta 4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "stable 4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4392",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2376"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "69772"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2376",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05987",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2376",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-05987",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-517",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor SCADA The server SQL An injection vulnerability exists.By any third party SQL The command may be executed. IntegraXor is based on web technology, and the IntegraXor server is indeed a standard web server that adds HMI/SCADA requirements. An attacker could exploit this vulnerability to control an application, access or modify data",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2376",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 2.7
},
{
"db": "BID",
"id": "69772",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05987",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166",
"trust": 0.8
},
{
"db": "IVD",
"id": "28F66F5A-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"id": "VAR-201409-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
}
]
},
"last_update_date": "2023-12-18T12:30:41.003000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava Integraxor SCADA Server SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50104"
},
{
"title": "igsetup-4.2.4470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2376"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2376"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69772"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"db": "BID",
"id": "69772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69772"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"date": "2014-09-15T14:55:11.150000",
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05987"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69772"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004166"
},
{
"date": "2014-09-16T13:44:59.070000",
"db": "NVD",
"id": "CVE-2014-2376"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA On the server SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004166"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "28f66f5a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-517"
}
],
"trust": 0.8
}
}
VAR-201409-0185
Vulnerability from variot - Updated: 2023-12-18 12:30
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. The Ecava IntegraXor SCADA server contains a vulnerability through which a full path name can be obtained. A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is essentially a standard web server extended to meet HMI/SCADA requirements. An information disclosure vulnerability exists in Ecava IntegraXor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "beta 4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "stable 4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4392",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2377"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "69774"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2377",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05986",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2377",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05986",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-518",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Ecava IntegraXor SCADA The server contains a vulnerability where a full path name can be obtained.A third party may be able to obtain the full path name via the application tag. IntegraXor is based on network technology, and the IntegraXor server is indeed a HMI/SCADA requirement added on a standard web server. An information disclosure vulnerability exists in Ecava Integraxor SCADA Server. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2377",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 2.7
},
{
"db": "BID",
"id": "69774",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05986",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167",
"trust": 0.8
},
{
"db": "IVD",
"id": "28EBCE7E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"id": "VAR-201409-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
]
},
"last_update_date": "2023-12-18T12:30:41.038000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50102"
},
{
"title": "igsetup-4.2.4470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2377"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2377"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69774"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"db": "BID",
"id": "69774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69774"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"date": "2014-09-15T14:55:11.197000",
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05986"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69774"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004167"
},
{
"date": "2014-09-16T13:31:13.060000",
"db": "NVD",
"id": "CVE-2014-2377"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava Integraxor SCADA Server Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "28ebce7e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05986"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-518"
}
],
"trust": 0.6
}
}
VAR-201409-0183
Vulnerability from variot - Updated: 2023-12-18 12:30
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server extended to meet HMI/SCADA requirements. Ecava IntegraXor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. This may aid in further attacks.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "beta 4.1.4392"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 0.8,
"vendor": "ecava",
"version": "stable 4.1.4360"
},
{
"model": "integraxor scada server",
"scope": "lte",
"trust": 0.6,
"vendor": "ecava",
"version": "\u003c=4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4360",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4392",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi",
"sources": [
{
"db": "BID",
"id": "69767"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2375",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05990",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2375",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-05990",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-516",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. IntegraXor is based on network technology, and the IntegraXor server is a standard web server that adds HMI/SCADA requirements. Ecava Integraxor SCADA Server has arbitrary file read and write vulnerabilities that an attacker can use to read and write arbitrary files in the application context. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2375",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 2.7
},
{
"db": "BID",
"id": "69767",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165",
"trust": 0.8
},
{
"db": "IVD",
"id": "28FE4BBC-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"id": "VAR-201409-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
}
]
},
"last_update_date": "2023-12-18T12:30:40.969000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava Integraxor SCADA Server patch for arbitrary file read and write vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50105"
},
{
"title": "igsetup-4.2.4470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2375"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2375"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69767"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"db": "BID",
"id": "69767"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69767"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"date": "2014-09-15T14:55:11.103000",
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05990"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69767"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004165"
},
{
"date": "2014-09-16T13:47:49.977000",
"db": "NVD",
"id": "CVE-2014-2375"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava Integraxor SCADA Server Arbitrary file read and write vulnerability",
"sources": [
{
"db": "IVD",
"id": "28fe4bbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05990"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-516"
}
],
"trust": 0.6
}
}
VAR-201405-0459
Vulnerability from variot - Updated: 2023-12-18 12:30
Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the "guest" user. The issue lies in the ability to retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4393 are vulnerable
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4369"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4380"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4340"
},
{
"model": "integraxor",
"scope": null,
"trust": 1.4,
"vendor": "ecava",
"version": null
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4390"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "4.1.4393"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.x"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4390"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4392"
},
{
"model": "integraxor scada server",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4340"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4360"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4369"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4380"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4380:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4390",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4340:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0786"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0786",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0786",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-02109",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "06e54bac-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0786",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2014-0786",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-02109",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-616",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the \"guest\" user. The issue lies in the ability to retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. \nVersions prior to IntegraXor 4.1.4393 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 4.14
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0786",
"trust": 5.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-091-01",
"trust": 2.4
},
{
"db": "BID",
"id": "66554",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-02109",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2310",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-369",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2041",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-117",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-224-01",
"trust": 0.3
},
{
"db": "BID",
"id": "69776",
"trust": 0.3
},
{
"db": "IVD",
"id": "06E54BAC-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"id": "VAR-201405-0459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
}
],
"trust": 1.0713851600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
}
]
},
"last_update_date": "2023-12-18T12:30:40.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Account Information Disclosure Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
},
{
"title": "Ecava has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"title": "Ecava has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-091-01"
},
{
"title": "Ecava IntegraXor Account Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/44617"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-091-01"
},
{
"trust": 1.6,
"url": "http://www.integraxor.com/blog/category/security/vulnerability-note/"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-224-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0786"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0786"
},
{
"trust": 0.6,
"url": "http://www.integraxor.com/blog/account-information-disclosure-vulnerability-note/"
},
{
"trust": 0.6,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"db": "BID",
"id": "69776"
},
{
"db": "BID",
"id": "66554"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "IVD",
"id": "06e54bac-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"date": "2014-05-02T00:00:00",
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"date": "2014-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69776"
},
{
"date": "2014-04-01T00:00:00",
"db": "BID",
"id": "66554"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"date": "2014-05-01T01:56:10.490000",
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"date": "2014-05-02T00:00:00",
"db": "ZDI",
"id": "ZDI-14-117"
},
{
"date": "2014-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02109"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69776"
},
{
"date": "2014-10-29T00:59:00",
"db": "BID",
"id": "66554"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002340"
},
{
"date": "2014-05-01T16:18:09.443000",
"db": "NVD",
"id": "CVE-2014-0786"
},
{
"date": "2014-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Guest Account Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-369"
},
{
"db": "ZDI",
"id": "ZDI-14-117"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-616"
}
],
"trust": 0.6
}
}
VAR-201604-0069
Vulnerability from variot - Updated: 2023-12-18 12:20
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0069",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor build",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "5.04522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2300"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2300",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2300",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-02334",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "58b67af6-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-2300",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2300",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02334",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-320",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2300",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-02334",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-320",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345",
"trust": 0.8
},
{
"db": "BID",
"id": "86088",
"trust": 0.3
},
{
"db": "IVD",
"id": "58B67AF6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
]
},
"id": "VAR-201604-0069",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02334"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02334"
}
]
},
"last_update_date": "2023-12-18T12:20:36.174000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava IntegraXor Permissions bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74346"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"db": "NVD",
"id": "CVE-2016-2300"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2300"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2300"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "IVD",
"id": "58b67af6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"date": "2016-04-22T00:59:01.370000",
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02334"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002345"
},
{
"date": "2016-04-27T18:16:14.233000",
"db": "NVD",
"id": "CVE-2016-2300"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-320"
}
],
"trust": 0.6
}
}
VAR-201604-0075
Vulnerability from variot - Updated: 2023-12-18 12:20
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An unencrypted-transport vulnerability exists in Ecava IntegraXor versions before 5.0 build 4522 because the HMI web server transmits data unencrypted. A remote attacker could exploit this vulnerability to gain full access to the affected system. Ecava IntegraXor is prone to the following security vulnerabilities:
1. A clear-text transmission of sensitive information vulnerability
2. A cross-site scripting vulnerability
3. Multiple security bypass vulnerabilities
4. An authorization bypass vulnerability
5. An information disclosure vulnerability
6. Multiple SQL-injection vulnerabilities
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor build",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "5.04522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2306"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-2306",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02332",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "58b13578-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2306",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2306",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-02332",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-316",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A transport unencrypted vulnerability exists in versions of Ecava IntegraXor 5.0 build prior to 4522 that originated from the HMI web server transmitting unencrypted data. A remote attacker could exploit this vulnerability to gain full access to the affected system. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2306",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-02332",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-316",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350",
"trust": 0.8
},
{
"db": "BID",
"id": "86088",
"trust": 0.3
},
{
"db": "IVD",
"id": "58B13578-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
]
},
"id": "VAR-201604-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02332"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02332"
}
]
},
"last_update_date": "2023-12-18T12:20:36.009000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava IntegraXor transmits patches for unencrypted vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"db": "NVD",
"id": "CVE-2016-2306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2306"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2306"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "IVD",
"id": "58b13578-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"date": "2016-04-22T00:59:07.447000",
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02332"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002350"
},
{
"date": "2016-04-27T18:12:48.483000",
"db": "NVD",
"id": "CVE-2016-2306"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor of HMI Web Vulnerability in server that can retrieve important plaintext information",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002350"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-316"
}
],
"trust": 0.6
}
}
VAR-201604-0073
Vulnerability from variot - Updated: 2023-12-18 12:20
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A remote attacker can exploit the vulnerability to steal cookies and log in as an administrator. Ecava IntegraXor is prone to the following security vulnerabilities:
1. A clear-text transmission of sensitive information vulnerability
2. A cross-site scripting vulnerability
3. Multiple security bypass vulnerabilities
4. An authorization bypass vulnerability
5. An information disclosure vulnerability
6. Multiple SQL-injection vulnerabilities
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor build",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "5.04522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2304"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2304",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2304",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02341",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "58b0282c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-2304",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2304",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02341",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-318",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. A remote attacker can exploit the vulnerability to steal cookies and log in as an administrator. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2304",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-02341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-318",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362",
"trust": 0.8
},
{
"db": "BID",
"id": "86088",
"trust": 0.3
},
{
"db": "IVD",
"id": "58B0282C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
]
},
"id": "VAR-201604-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02341"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02341"
}
]
},
"last_update_date": "2023-12-18T12:20:36.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/?utm_expid=85936669-18.g6a4ksnotkmqs1o7qp5nng.1\u0026utm_referrer=http%3a%2f%2fjvndb.jvn.jp%2fja%2fcontents%2f2016%2fjvndb-2016-002350.html"
},
{
"title": "Patch for Ecava IntegraXor Information Disclosure Vulnerability (CNVD-2016-02341)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74344"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"db": "NVD",
"id": "CVE-2016-2304"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2304"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2304"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "IVD",
"id": "58b0282c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"date": "2016-04-22T00:59:05.447000",
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02341"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002362"
},
{
"date": "2016-04-28T18:15:24.497000",
"db": "NVD",
"id": "CVE-2016-2304"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002362"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-318"
}
],
"trust": 0.6
}
}
VAR-201604-0072
Vulnerability from variot - Updated: 2023-12-18 12:20

CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. A CRLF injection vulnerability exists in Ecava IntegraXor. Supplementary information: the vulnerability type has been identified as CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection). Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. The Ecava IntegraXor HMI failed to properly handle specific elements in the input, allowing remote attackers to exploit the vulnerability to bypass security restrictions. Ecava IntegraXor is prone to the following security vulnerabilities:
1. A clear-text transmission of sensitive information vulnerability
2. A cross-site scripting vulnerability
3. Multiple security bypass vulnerabilities
4. Multiple SQL-injection vulnerabilities
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
(This summary is concatenated from the sources listed in the record below — NVD, JVNDB, CNVD, BID 86088 and IVD — so the numbered list appears to describe the broader set of IntegraXor issues tracked under BID 86088, not only CVE-2016-2303.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor build",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "5.04522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2303"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2303",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-2303",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02330",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-2303",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2303",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02330",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-319",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Ecava IntegraXor Is CRLF An injection vulnerability exists. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. The Ecava IntegraXor HMI failed to properly handle specific elements in the input, allowing remote attackers to exploit the vulnerability to bypass security restrictions. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2303",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-02330",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-319",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348",
"trust": 0.8
},
{
"db": "BID",
"id": "86088",
"trust": 0.3
},
{
"db": "IVD",
"id": "58AF9C0E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
]
},
"id": "VAR-201604-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02330"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02330"
}
]
},
"last_update_date": "2023-12-18T12:20:36.044000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava IntegraXor HMI Permissions Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74340"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"db": "NVD",
"id": "CVE-2016-2303"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2303"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2303"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "IVD",
"id": "58af9c0e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"date": "2016-04-22T00:59:04.540000",
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02330"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002348"
},
{
"date": "2016-04-27T18:33:32.463000",
"db": "NVD",
"id": "CVE-2016-2303"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor In CRLF Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-319"
}
],
"trust": 0.6
}
}
VAR-201604-0070
Vulnerability from variot - Updated: 2023-12-18 12:20

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor is a web-based tool from Ecava Malaysia for creating and running HMI interfaces (human machine interfaces) for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities:
1. A clear-text transmission of sensitive information vulnerability
2. A cross-site scripting vulnerability
3. Multiple security bypass vulnerabilities
4. An authorization bypass vulnerability
5. An information disclosure vulnerability
6. Multiple SQL-injection vulnerabilities
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
(This summary is concatenated from the sources listed in the record below — NVD, JVNDB, CNVD, BID 86088 and IVD — so the numbered list appears to describe the broader set of IntegraXor issues tracked under BID 86088, not only CVE-2016-2301.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor build",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "5.04522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2301"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2301",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-02397",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "f20a055e-8897-11e7-a432-000c2975a0fc",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-2301",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2301",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-322",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Ecava IntegraXor is a web-based tool for Ecava Malaysia to create and run HMI interfaces (human machine interfaces) for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2301",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-02397",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346",
"trust": 0.8
},
{
"db": "BID",
"id": "86088",
"trust": 0.3
},
{
"db": "IVD",
"id": "F20A055E-8897-11E7-A432-000C2975A0FC",
"trust": 0.2
},
{
"db": "IVD",
"id": "58B1F1E8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
]
},
"id": "VAR-201604-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02397"
}
],
"trust": 1.27383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02397"
}
]
},
"last_update_date": "2023-12-18T12:20:36.078000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Ecava IntegraXor SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74422"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"db": "NVD",
"id": "CVE-2016-2301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2301"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2301"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-20T00:00:00",
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"date": "2016-04-20T00:00:00",
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"date": "2016-04-22T00:59:02.637000",
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002346"
},
{
"date": "2016-04-27T18:04:19.940000",
"db": "NVD",
"id": "CVE-2016-2301"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02397"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "f20a055e-8897-11e7-a432-000c2975a0fc"
},
{
"db": "IVD",
"id": "58b1f1e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-322"
}
],
"trust": 1.0
}
}
VAR-201604-0074
Vulnerability from variot - Updated: 2023-12-18 12:20
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities: 1. A clear-text transmission of sensitive information vulnerability 2. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. An information disclosure vulnerability 6. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor build",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "5.04522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2305"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-2305",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02333",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "58b0b288-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-2305",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2305",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02333",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-317",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A clear-text transmission of sensitive information vulnerability\n2. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. An information disclosure vulnerability\n6. Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2305",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-02333",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-317",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349",
"trust": 0.8
},
{
"db": "BID",
"id": "86088",
"trust": 0.3
},
{
"db": "IVD",
"id": "58B0B288-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
]
},
"id": "VAR-201604-0074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02333"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02333"
}
]
},
"last_update_date": "2023-12-18T12:20:35.974000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Patch for Ecava IntegraXor Cross-Site Scripting Vulnerability (CNVD-2016-02333)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74342"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"db": "NVD",
"id": "CVE-2016-2305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2305"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2305"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "IVD",
"id": "58b0b288-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"date": "2016-04-22T00:59:06.433000",
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02333"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002349"
},
{
"date": "2016-04-27T18:35:16.613000",
"db": "NVD",
"id": "CVE-2016-2305"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-317"
}
],
"trust": 0.6
}
}
VAR-201604-0071
Vulnerability from variot - Updated: 2023-12-18 12:20
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities: 1. A Cross-site scripting vulnerability 3. Multiple security bypass vulnerabilities 4. An authorization bypass vulnerability 5. Multiple SQL-injection vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain access to sensitive information, or bypass security restrictions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "5.0 build 4522"
},
{
"model": "integraxor build",
"scope": "lt",
"trust": 0.6,
"vendor": "ecava",
"version": "5.04522"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.2.4502"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4502",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2302"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro\u2019s Zero Day Initiative",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2302",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2302",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02340",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-2302",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2302",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02340",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-321",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-2302",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"db": "VULMON",
"id": "CVE-2016-2302"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor is prone to the following security vulnerabilities. \n1. A Cross-site scripting vulnerability\n3. Multiple security bypass vulnerabilities\n4. An authorization bypass vulnerability\n5. Multiple SQL-injection vulnerabilities\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, gain access to sensitive information or bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2016-2302"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2302",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-03",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2016-02340",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-321",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347",
"trust": 0.8
},
{
"db": "BID",
"id": "86088",
"trust": 0.4
},
{
"db": "IVD",
"id": "58AEFD8A-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2016-2302",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"db": "VULMON",
"id": "CVE-2016-2302"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
]
},
"id": "VAR-201604-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
}
]
},
"last_update_date": "2023-12-18T12:20:35.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.integraxor.com/"
},
{
"title": "Patch for Ecava IntegraXor Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"db": "NVD",
"id": "CVE-2016-2302"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2302"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2302"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86088"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"db": "VULMON",
"id": "CVE-2016-2302"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"db": "VULMON",
"id": "CVE-2016-2302"
},
{
"db": "BID",
"id": "86088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"date": "2016-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2302"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"date": "2016-04-22T00:59:03.620000",
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02340"
},
{
"date": "2016-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2302"
},
{
"date": "2016-07-06T14:31:00",
"db": "BID",
"id": "86088"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002347"
},
{
"date": "2016-04-27T18:11:28.973000",
"db": "NVD",
"id": "CVE-2016-2302"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "58aefd8a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02340"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-321"
}
],
"trust": 0.6
}
}
VAR-201107-0258
Vulnerability from variot - Updated: 2023-12-18 12:10
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. A cross-site scripting vulnerability exists in Ecava IntegraXor. Because the application does not filter user-submitted data, an attacker can exploit the vulnerability to steal cookie-based authentication credentials and execute arbitrary code in an unsuspecting user's browser in the context of the affected site. Ecava IntegraXor is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Ecava IntegraXor versions prior to 3.60.4080 are vulnerable. ----------------------------------------------------------------------
TITLE: IntegraXor Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA44321
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44321/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44321
RELEASE DATE: 2011-08-03
DISCUSS ADVISORY: http://secunia.com/advisories/44321/#comments
DESCRIPTION: A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being returned to the user.
SOLUTION: Update to version 3.60 Build 4080.
PROVIDED AND/OR DISCOVERED BY: An anonymous researcher via ICS CERT.
ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/security-issue-xss-vulnerability-note
ICS CERT (ICSA-11-147-02): http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201107-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 2.2,
"vendor": "ecava",
"version": "3.60"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 2.2,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.9,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.9,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "3.60.4061"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.9,
"vendor": "ecava",
"version": "3.60.4061"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.8,
"vendor": "ecava",
"version": "3.x"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "3.60 (build 4080)"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4050"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4032"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.6.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5.4000.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.3,
"vendor": "ecava",
"version": "3.5"
},
{
"model": "integraxor",
"scope": "ne",
"trust": 0.3,
"vendor": "ecava",
"version": "3.60.4080"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.5.3900.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.5.3900.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.6.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"db": "BID",
"id": "73788"
},
{
"db": "BID",
"id": "48958"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.60.4061",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2958"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "73788"
}
],
"trust": 0.3
},
"cve": "CVE-2011-2958",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-2958",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-2958",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201107-434",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ecava IntegraXor is a human interface product that uses HTML and SVG. A cross-site scripting vulnerability exists in Ecava IntegraXor. Because the application lacks filtering of user-submitted data, an attacker exploits a vulnerability to steal cookie-based authentication credentials and execute arbitrary code in an uninformed user\u0027s browser in the context of the affected site. Ecava IntegraXor is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nEcava IntegraXor versions prior to 3.60.4080 are vulnerable. ----------------------------------------------------------------------\n\nThe Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. 
\n\nRead more and request a free trial:\nhttp://secunia.com/products/corporate/vim/\n\n----------------------------------------------------------------------\n\nTITLE:\nIntegraXor Unspecified Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA44321\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44321/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321\n\nRELEASE DATE:\n2011-08-03\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44321/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44321/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in IntegraXor, which can be\nexploited by malicious people to conduct cross-site scripting\nattacks. \n\nCertain unspecified input is not properly sanitised before being\nreturned to the user. \n\nSOLUTION:\nUpdate to version 3.60 Build 4080. \n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher via ICS CERT. 
\n\nORIGINAL ADVISORY:\nIntegraXor:\nhttp://www.integraxor.com/blog/security-issue-xss-vulnerability-note\n\nICS CERT (ICSA-11-147-02):\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"db": "BID",
"id": "73788"
},
{
"db": "BID",
"id": "48958"
},
{
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "103691"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-11-147-02",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2011-2958",
"trust": 2.9
},
{
"db": "BID",
"id": "48958",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-2970",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201108-064",
"trust": 0.6
},
{
"db": "XF",
"id": "68896",
"trust": 0.3
},
{
"db": "BID",
"id": "73788",
"trust": 0.3
},
{
"db": "IVD",
"id": "C2A1AA96-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "01AC8DC0-1F8E-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "44321",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "103691",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"db": "BID",
"id": "73788"
},
{
"db": "BID",
"id": "48958"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"db": "PACKETSTORM",
"id": "103691"
},
{
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
]
},
"id": "VAR-201107-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2970"
}
],
"trust": 1.27383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2970"
}
]
},
"last_update_date": "2023-12-18T12:10:35.023000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Issue XSS Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note"
},
{
"title": "Patch for Ecava IntegraXor Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4603"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"db": "NVD",
"id": "CVE-2011-2958"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-147-02.pdf"
},
{
"trust": 2.3,
"url": "http://www.integraxor.com/blog/security-issue-xss-vulnerability-note"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/48958"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68896"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2958"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2958"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/xforce/xfdb/68896"
},
{
"trust": 0.3,
"url": "http://www.ecava.com/index.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44321/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44321/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44321"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"db": "BID",
"id": "73788"
},
{
"db": "BID",
"id": "48958"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"db": "PACKETSTORM",
"id": "103691"
},
{
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"db": "BID",
"id": "73788"
},
{
"db": "BID",
"id": "48958"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"db": "PACKETSTORM",
"id": "103691"
},
{
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-29T00:00:00",
"db": "IVD",
"id": "c2a1aa96-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-08-03T00:00:00",
"db": "IVD",
"id": "01ac8dc0-1f8e-11e6-abef-000c29c66e3d"
},
{
"date": "2011-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"date": "2011-07-28T00:00:00",
"db": "BID",
"id": "73788"
},
{
"date": "2011-08-02T00:00:00",
"db": "BID",
"id": "48958"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"date": "2011-08-03T03:38:13",
"db": "PACKETSTORM",
"id": "103691"
},
{
"date": "2011-07-28T18:55:04.237000",
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"date": "2011-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2970"
},
{
"date": "2011-07-28T00:00:00",
"db": "BID",
"id": "73788"
},
{
"date": "2011-08-02T00:00:00",
"db": "BID",
"id": "48958"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003487"
},
{
"date": "2017-08-29T01:29:53.287000",
"db": "NVD",
"id": "CVE-2011-2958"
},
{
"date": "2011-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"date": "2011-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "103691"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-064"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-434"
}
],
"trust": 1.3
}
}
VAR-201401-0367
Vulnerability from variot - Updated: 2023-12-18 12:08
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be exploited by an attacker using any resource in any DLL in the command loader's home folder. Successful exploitation of the vulnerability could cause an application to crash or execute arbitrary code in the application context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successful exploits will allow attackers to crash the system, denying service to legitimate users. IntegraXor 4.1.4380 is vulnerable; other versions may also be affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.71"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.60.4061"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.00"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.5.3900.10"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.6.4000.0"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1.4360"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.71.4200"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "4.1"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.72"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.6,
"vendor": "ecava",
"version": "3.5.3900.5"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4369"
},
{
"model": "integraxor",
"scope": "lte",
"trust": 1.0,
"vendor": "ecava",
"version": "4.1.4380"
},
{
"model": "integraxor",
"scope": "lt",
"trust": 0.8,
"vendor": "ecava",
"version": "4.1.4390"
},
{
"model": "integraxor",
"scope": "eq",
"trust": 0.6,
"vendor": "ecava",
"version": "4.1.4380"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.5.3900.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.5.3900.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.6.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.60.4061"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.71"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.71.4200"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "3.72"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4360"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "4.1.4369"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "integraxor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4380",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0753"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma at the S4 2014 conference",
"sources": [
{
"db": "BID",
"id": "64972"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0753",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-0753",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00448",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "4761ae78-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0753",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-00448",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-400",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be exploited by an attacker using any resource in any DLL in the command loader\u0027s home folder. Successful exploitation of the vulnerability could cause an application to crash or execute arbitrary code in the application context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. \nSuccessful exploits will allow attackers to crash the system, denying service to legitimate users. \nIntegraXor 4.1.4380 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"db": "BID",
"id": "64972"
},
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0753",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-016-01",
"trust": 3.0
},
{
"db": "OSVDB",
"id": "102171",
"trust": 1.0
},
{
"db": "BID",
"id": "64972",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-00448",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-400",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219",
"trust": 0.8
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-14-015-01",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "56529",
"trust": 0.6
},
{
"db": "IVD",
"id": "4761AE78-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"db": "BID",
"id": "64972"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
]
},
"id": "VAR-201401-0367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
}
],
"trust": 1.07383092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
}
]
},
"last_update_date": "2023-12-18T12:08:53.737000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Buffer Overflow Vulnerability Note",
"trust": 0.8,
"url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/"
},
{
"title": "Patch for Ecava IntegraXor Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42590"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"db": "NVD",
"id": "CVE-2014-0753"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-016-01"
},
{
"trust": 1.6,
"url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/"
},
{
"trust": 1.0,
"url": "http://osvdb.org/102171"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0753"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0753"
},
{
"trust": 0.6,
"url": "http://ics-cert.us-cert.gov/alerts/ics-alert-14-015-01"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56529"
},
{
"trust": 0.3,
"url": "http://www.integraxor.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"db": "BID",
"id": "64972"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"db": "BID",
"id": "64972"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-21T00:00:00",
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-01-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"date": "2014-01-16T00:00:00",
"db": "BID",
"id": "64972"
},
{
"date": "2014-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"date": "2014-01-21T01:55:03.620000",
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"date": "2014-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00448"
},
{
"date": "2014-01-20T01:02:00",
"db": "BID",
"id": "64972"
},
{
"date": "2014-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001219"
},
{
"date": "2015-08-21T15:13:54.280000",
"db": "NVD",
"id": "CVE-2014-0753"
},
{
"date": "2014-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00448"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "4761ae78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-400"
}
],
"trust": 0.8
}
}
VAR-202203-2081
Vulnerability from variot - Updated: 2022-05-17 02:10
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-2081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": null,
"trust": 0.7,
"vendor": "ecava",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-488"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tran Van Khang - khangkito (VinCSS)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-488"
}
],
"trust": 0.7
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "ZDI-22-488",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "ZDI-22-488",
"trust": 0.7,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-488"
}
],
"trust": 0.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14383",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-488",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-488"
}
]
},
"id": "VAR-202203-2081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5752315
},
"last_update_date": "2022-05-17T02:10:25.516000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-09T00:00:00",
"db": "ZDI",
"id": "ZDI-22-488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-29T00:00:00",
"db": "ZDI",
"id": "ZDI-22-488"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-488"
}
],
"trust": 0.7
}
}
VAR-202203-2060
Vulnerability from variot - Updated: 2022-05-17 02:10
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-2060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": null,
"trust": 0.7,
"vendor": "ecava",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-486"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tran Van Khang - khangkito (VinCSS)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-486"
}
],
"trust": 0.7
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "ZDI-22-486",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "ZDI-22-486",
"trust": 0.7,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-486"
}
],
"trust": 0.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14381",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-486",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-486"
}
]
},
"id": "VAR-202203-2060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5752315
},
"last_update_date": "2022-05-17T02:10:25.526000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-09T00:00:00",
"db": "ZDI",
"id": "ZDI-22-486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-29T00:00:00",
"db": "ZDI",
"id": "ZDI-22-486"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-486"
}
],
"trust": 0.7
}
}
VAR-201312-0633
Vulnerability from variot - Updated: 2022-05-17 02:09
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the storing of credentials in cleartext. The issue lies in the ability to bypass file access restrictions. This can be used along with the automatic creation of backup files, which are created whenever changes are made to a project. By abusing this flaw an attacker can disclose credentials and possibly leverage this situation to achieve remote code execution.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0633",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": null,
"trust": 0.7,
"vendor": "ecava",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-277"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alphazorx aka technically.screwed",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-277"
}
],
"trust": 0.7
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ZDI-13-277",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "ZDI-13-277",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-277"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the storing of credentials in cleartext. The issue lies in the ability to bypass file access restrictions. This can be used along with the automatic creation of backup files, which are created whenever changes are made to a project. By abusing this flaw an attacker can disclose credentials and possibly leverage this situation to achieve remote code execution.",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-277"
}
],
"trust": 0.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1988",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-277",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-277"
}
]
},
"id": "VAR-201312-0633",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5752315
},
"last_update_date": "2022-05-17T02:09:05.466000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-13-277"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-13-277"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-13-277"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ecava IntegraXor Project Directory Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-277"
}
],
"trust": 0.7
}
}
VAR-202203-2055
Vulnerability from variot - Updated: 2022-05-17 02:08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-2055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integraxor",
"scope": null,
"trust": 0.7,
"vendor": "ecava",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tran Van Khang - khangkito (VinCSS)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-491"
}
],
"trust": 0.7
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "ZDI-22-491",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "ZDI-22-491",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-491"
}
],
"trust": 0.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14445",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-491",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-491"
}
]
},
"id": "VAR-202203-2055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5752315
},
"last_update_date": "2022-05-17T02:08:52.093000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-09T00:00:00",
"db": "ZDI",
"id": "ZDI-22-491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-29T00:00:00",
"db": "ZDI",
"id": "ZDI-22-491"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-491"
}
],
"trust": 0.7
}
}