CVE-2017-16733
published 2017-12-20CVE-2017-16733: A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can…
PriorityP433medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
EPSS
0.92%
55.8th percentile
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ecava | integraxor | <= 6.1.1030.1 | — |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-33qr-2f3g-3c52: A SQL Injection issue was discovered in Ecava IntegraXor v 6
ghsa_unreviewed·2022-05-14
CVE-2017-16733 [MEDIUM] CWE-89 GHSA-33qr-2f3g-3c52: A SQL Injection issue was discovered in Ecava IntegraXor v 6
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
CISA ICS
Ecava IntegraXor
cisa_ics·2017-12-19
Ecava IntegraXor
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Ecava IntegraXor
Last RevisedDecember 19, 2017
Alert CodeICSA-17-353-03
## CVSS v3 5.3
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Ecava
Equipment: IntegraXor
Vulnerabilities: SQL Injection
## AFFECTED PRODUCTS
The following version of IntegraXor, a web SCADA/HMI solution, is affected:
- Ecava IntegraXor v 6.1.1030.1 and prior.
## IMPACT
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the database or generate an error in the database log.
## MITIGATION
Ecava recommends that users of
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-12-20
Published