Vulnerability Note VU#979776

Ecava IntegraXor web service allows directory traversal outside of web root

Original Release date: 11 Jan 2011 | Last revised: 12 Jan 2011


Ecava IntegraXor contains a directory traversal vulnerability


According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that listens on port 7131/tcp. The web service in this product is vulnerable to a directory traversal vulnerability.

Public exploit code is available.


A remote attacker can access files outside of the web application or document root by supplying a crafted URL to an vulnerable system.


Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch.

Restrict Access

Enable firewall rules to restrict access for port 7131/tcp to only trusted sources.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
EcavaAffected-11 Jan 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was publicly disclosed by Luigi Auriemma.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2010-4598
  • Date Public: 21 Dec 2010
  • Date First Published: 11 Jan 2011
  • Date Last Updated: 12 Jan 2011
  • Severity Metric: 18.00
  • Document Revision: 11


If you have feedback, comments, or additional information about this vulnerability, please send us email.