Vulnerability Note VU#979776
Ecava IntegraXor web service allows directory traversal outside of web root
Ecava IntegraXor contains a directory traversal vulnerability
According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that listens on port 7131/tcp. The web service in this product is vulnerable to a directory traversal vulnerability.
Public exploit code is available.
A remote attacker can access files outside of the web application or document root by supplying a crafted URL to an vulnerable system.
Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Ecava||Affected||-||11 Jan 2011|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by Luigi Auriemma.
This document was written by Michael Orlando.
- CVE IDs: CVE-2010-4598
- Date Public: 21 Dec 2010
- Date First Published: 11 Jan 2011
- Date Last Updated: 12 Jan 2011
- Severity Metric: 18.00
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.