CVE-2015-0990
published 2015-04-03CVE-2015-0990: Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default…
PriorityP414medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EPSS
0.36%
27.7th percentile
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ecava | integraxor | <= 4.1.4450 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Ecava IntegraXor DLL Vulnerabilities
cisa_ics·2018-08-27
Ecava IntegraXor DLL Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Ecava IntegraXor DLL Vulnerabilities
Last RevisedAugust 27, 2018
Alert CodeICSA-15-090-02
## OVERVIEW
Security researcher Praveen Darshanam has identified two DLL loading vulnerabilities in Ecava’s IntegraXor SCADA Server. Ecava has produced a patch that mitigates these vulnerabilities. Praveen Darshanam has tested the patch to validate that it resolves the vulnerabilities.
## AFFECTED PRODUCTS
The following SCADA Servers are affected:
- IntegraXor SCADA Server prior to Version 4.2.4488
## IMPACT
Loading and executing an insecure DLL is equivalent to running malicious code
GHSA
GHSA-53vj-w3fj-vrq3: Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4
ghsa_unreviewed·2022-05-17
CVE-2015-0990 [MEDIUM] GHSA-53vj-w3fj-vrq3: Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.
No detection rules found.
No public exploits indexed.
2015-04-03
Published