Vulnerability Note VU#603928
Ecava IntegraXor stack-based buffer overflow vulnerability
Overview
Ecava IntegraXor, a Human-Machine Interface (HMI) product, contains a stack-based buffer overflow vulnerability that could allow the execution of arbitrary code.
Description
According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor is vulnerable to a stack-based buffer overflow when more than 1024 bytes are written to the fixed-size stack buffer. When an exploit sends a request greater than 1024 bytes, IntegraXor writes past the buffer bounds and corrupts memory, allowing execution of arbitrary code.
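The overflow class described above, as an added C example that is not Ecava's code or part of the original note: a request handler with a 1024-byte stack buffer, first with no length check and then rejecting oversized input before the copy. The function names, the space-delimited token parsing and the sample requests are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REQ_BUF_SIZE 1024   /* buffer size stated in the note */

/* Unsafe pattern, for contrast only (hypothetical, never called here):
 * the length comes from the request and is never compared to the buffer. */
int handle_request_unchecked(const char *req, size_t len)
{
    char buf[REQ_BUF_SIZE];
    memcpy(buf, req, len);               /* writes past buf when len > 1024 */
    const char *sp = memchr(buf, ' ', len);
    return sp ? (int)(sp - buf) : (int)len;
}

/* Hardened form: reject oversized input before touching the stack buffer.
 * Returns the length of the first space-delimited token, or -1 on rejection. */
int handle_request_checked(const char *req, size_t len)
{
    char buf[REQ_BUF_SIZE];
    if (req == NULL || len > sizeof buf)
        return -1;                       /* caller should log and drop */
    memcpy(buf, req, len);
    const char *sp = memchr(buf, ' ', len);
    return sp ? (int)(sp - buf) : (int)len;
}

/* Constructed input: len bytes of 'A' with no space, fed to the checked path. */
int probe_checked(size_t len)
{
    static char req[2 * REQ_BUF_SIZE];
    if (len > sizeof req)
        return -2;
    memset(req, 'A', len);
    return handle_request_checked(req, len);
}

int main(void)
{
    printf("short request : %d\n", handle_request_checked("GET /index", 10));
    printf("1024 bytes    : %d\n", probe_checked(1024));
    printf("1025 bytes    : %d\n", probe_checked(1025));
    return 0;
}
```

The boundary is the point of the check: a request of exactly 1024 bytes fits and is processed, while 1025 bytes is rejected before any copy takes place.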
Impact
An attacker can cause the device to crash and may be able to execute arbitrary code.
Solution
Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Ecava | Affected | - | 16 Dec 2010 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
Credit
Thanks to Jeremy Brown for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
- CVE IDs: Unknown
- Date Public: 16 Dec 2010
- Date First Published: 17 Dec 2010
- Date Last Updated: 21 Dec 2010
- Severity Metric: 21.83
- Document Revision: 18
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.