CVE-2014-0786
published 2014-05-01CVE-2014-0786: Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the…
PriorityP428medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
2.65%
83.7th percentile
Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ecava | integraxor | < 4.1.4410 | 4.1.4410 |
| ecava | integraxor | <= 4.1.4390 | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Ecava Integraxor SCADA Server Vulnerabilities
cisa_ics·2018-09-06
Ecava Integraxor SCADA Server Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Ecava Integraxor SCADA Server Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-224-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on August 12, 2014, and is being released to the NCCIC/ICS-CERT web site.
Independent researcher Andrea Micalizzi identified an Improper Privilege Management vulnerability within Ecava’s IntegraXor SCADA Server and reported it to Zero Day Initiative (ZDI). ZDI reported the vulnerability to NCCIC/ICS-CERT. Independent researcher Alain Homewood identified three other vulnerabilities in the Ecava’
CISA ICS
Ecava IntegraXor Guest Account Information Disclosure Vulnerability
cisa_ics·2018-09-06
Ecava IntegraXor Guest Account Information Disclosure Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Ecava IntegraXor Guest Account Information Disclosure Vulnerability
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-091-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on April 1, 2014, and is now being released to the NCCIC/ICS-CERT web site.
Independent researcher Andrea Micalizzi, aka rgod, has identified an information disclosure vulnerability in the Ecava IntegraXor application. Mr. Micalizzi submitted the vulnerability to ZDI (Zero Day Initiative) who in turn, coordinated the information with ICS-CERT. Ecava has produced a new rele
GHSA
GHSA-hxvf-rx4m-qx26: Ecava IntegraXor before 4
ghsa_unreviewed·2022-05-17
CVE-2014-0786 [MEDIUM] CWE-200 GHSA-hxvf-rx4m-qx26: Ecava IntegraXor before 4
Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.integraxor.com/blog/category/security/vulnerability-note/http://www.integraxor.com/blog/category/security/vulnerability-note/https://www.cisa.gov/news-events/ics-advisories/icsa-14-091-01https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01http://www.integraxor.com/blog/category/security/vulnerability-note/
2014-05-01
Published