Ecava IntegraXor contains a directory traversal vulnerability
According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that listens on port 7131/tcp. The web service in this product is vulnerable to a directory traversal vulnerability.
Public exploit code is available.
A remote attacker can access files outside of the web application or document root by supplying a crafted URL to an vulnerable system.
Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch.
This vulnerability was publicly disclosed by Luigi Auriemma.
This document was written by Michael Orlando.
|Date First Published:||2011-01-11|
|Date Last Updated:||2011-01-12 18:01 UTC|