Ecava IntegraXor contains a directory traversal vulnerability
According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that listens on port 7131/tcp. The web service in this product is vulnerable to a directory traversal vulnerability.
Public exploit code is available.
A remote attacker can access files outside of the web application or document root by supplying a crafted URL to an vulnerable system.
Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch.
This vulnerability was publicly disclosed by Luigi Auriemma.
|Date First Published:||2011-01-11|
|Date Last Updated:||2011-01-12 18:01 UTC|