Ecava Integraxor vulnerabilities
26 known vulnerabilities affecting ecava/integraxor.
Total CVEs
26
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL6HIGH5MEDIUM15
Vulnerabilities
Page 1 of 2
CVE-2010-4598P2MEDIUMCVSS 5.0ExploitedPoC≤ 3.6.4000.0v3.5.3900.5+1 more2010-12-23
CVE-2010-4598 [MEDIUM] CWE-22 CVE-2010-4598: Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
nvd
CVE-2010-4597P2CRITICALCVSS 10.0PoC≤ 3.5.3900.52010-12-23
CVE-2010-4597 [CRITICAL] CWE-119 CVE-2010-4597: Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.d
Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.
nvd
CVE-2017-6050P2CRITICALCVSS 9.8≤ 5.2.1231.02017-06-21
CVE-2017-6050 [CRITICAL] CWE-89 CVE-2017-6050: A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The applicat
A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.
nvd
CVE-2016-8341P3CRITICALCVSS 9.8v5.0.413.02017-02-13
CVE-2016-8341 [CRITICAL] CWE-89 CVE-2016-8341: An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has p
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.
nvd
CVE-2012-0246P3CRITICALCVSS 9.3≤ 3.60.4061v3.5.3900.5+3 more2012-04-02
CVE-2012-0246 [CRITICAL] CWE-22 CVE-2012-0246: Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server.
nvd
CVE-2011-1562P3HIGHCVSS 7.5≤ 3.602011-04-05
CVE-2011-1562 [HIGH] CWE-89 CVE-2011-1562: Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and
Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.
nvd
CVE-2012-4700P3CRITICALCVSS 9.3≤ 4.00v3.71+1 more2013-02-08
CVE-2012-4700 [CRITICAL] CWE-119 CVE-2012-4700: Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 buil
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.
nvd
CVE-2016-2299P3HIGHCVSS 7.3≤ 4.2.45022016-04-22
CVE-2016-2299 [HIGH] CWE-89 CVE-2016-2299: SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to exe
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2014-2376P3HIGHCVSS 7.5≤ 4.1.4392≤ 4.1.43602014-09-15
CVE-2014-2376 [HIGH] CWE-89 CVE-2014-2376: SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2014-0753P3HIGHCVSS 7.8≤ 4.1.4380v3.5.3900.5+10 more2014-01-21
CVE-2014-0753 [HIGH] CWE-121 CVE-2014-0753: Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote at
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.
nvd
CVE-2016-2300P3MEDIUMCVSS 6.5≤ 4.2.45022016-04-22
CVE-2016-2300 [MEDIUM] CWE-287 CVE-2016-2300: Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access u
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
nvd
CVE-2016-2306P3HIGHCVSS 7.5≤ 4.2.45022016-04-22
CVE-2016-2306 [HIGH] CWE-310 CVE-2016-2306: The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensi
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
nvd
CVE-2014-2375P3CRITICALCVSS 9.0≤ 4.1.4360≤ 4.1.43922014-09-15
CVE-2014-2375 [CRITICAL] CWE-73 CVE-2014-2375: Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remot
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.
nvd
CVE-2016-2301P3MEDIUMCVSS 6.3≤ 4.2.45022016-04-22
CVE-2016-2301 [MEDIUM] CWE-89 CVE-2016-2301: SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated us
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2017-16733P4MEDIUMCVSS 5.3≤ 6.1.1030.12017-12-20
CVE-2017-16733 [MEDIUM] CWE-89 CVE-2017-16733: A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection v
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
nvd
CVE-2017-16735P4MEDIUMCVSS 5.3≤ 6.1.1030.12017-12-20
CVE-2017-16735 [MEDIUM] CWE-89 CVE-2017-16735: A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection v
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
nvd
CVE-2014-0752P4MEDIUMCVSS 5.0≤ 4.1.4360v3.5.3900.5+8 more2014-01-09
CVE-2014-0752 [MEDIUM] CWE-529 CVE-2014-0752: The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary proje
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
nvd
CVE-2014-0786P4MEDIUMCVSS 5.0≤ 4.1.4390v4.1+5 more2014-05-01
CVE-2014-0786 [MEDIUM] CWE-200 CVE-2014-0786: Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administr
Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.
nvd
CVE-2014-2377P4MEDIUMCVSS 5.0≤ 4.1.4360≤ 4.1.43922014-09-15
CVE-2014-2377 [MEDIUM] CWE-526 CVE-2014-2377: Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remot
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
nvd
CVE-2016-2303P4MEDIUMCVSS 5.3≤ 4.2.45022016-04-22
CVE-2016-2303 [MEDIUM] CVE-2016-2303: CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to in
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
nvd
1 / 2Next →