Ecava IntegraXor Buffer Overflow
Act NowICS-CERT ICSA-10-322-01Aug 21, 2010
Summary
Ecava IntegraXor products contain a buffer overflow vulnerability (CWE-119) in WebSCADA (WS100, WS200), Easy Connect (EC150), Modbus RTU-TCP Gateway (MB100), and Serial Ethernet Server (SS100). All versions of these products are affected. The buffer overflow occurs due to improper input validation and could allow an attacker with network access to execute arbitrary code on the affected device. No vendor patch is available for any affected product.
What this means
What could happen
A buffer overflow in Ecava products could allow an attacker with network access to execute arbitrary code on affected devices, potentially disrupting SCADA operations, alarm systems, or gateway functions that monitor and control industrial processes.
Who's at risk
Energy sector operators using Ecava WebSCADA systems (WS100, WS200), Easy Connect gateways (EC150), Modbus RTU-TCP bridges (MB100), or Serial Ethernet Servers (SS100) for SCADA monitoring, remote access, protocol conversion, or serial device bridging are at risk. This affects SCADA interfaces, data aggregation points, and gateway devices that connect legacy industrial equipment to modern networks.
How it could be exploited
An attacker sends a specially crafted packet or command to the affected Ecava device (WebSCADA, Easy Connect, Modbus gateway, or Serial Ethernet Server) over the network. The device does not properly validate input length, causing a buffer overflow that allows the attacker to overwrite memory and execute arbitrary code on the device.
Prerequisites
- Network access to the affected Ecava device (port depends on product: WebSCADA typically uses web ports, Modbus RTU-TCP uses port 502, Serial Ethernet Server uses standard serial/Ethernet bridging ports)
- No authentication credentials required to trigger the buffer overflow
remotely exploitableno authentication requiredlow complexityno patch availablehigh EPSS score (31.3%)
Exploitability
High exploit probability (EPSS 31.3%)
Affected products (5)
5 EOL
ProductAffected VersionsFix Status
WebSCADA (WS100): vers:all/*All versionsNo fix (EOL)
WebSCADA (WS200): vers:all/*All versionsNo fix (EOL)
Easy Connect (EC150): vers:all/*All versionsNo fix (EOL)
Serial Ethernet Server (SS100): vers:all/*All versionsNo fix (EOL)
Modbus RTU – TCP Gateway (MB100): vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2WebSCADA (WS100): vers:all/*
HARDENINGIsolate affected Ecava devices (WebSCADA WS100/WS200, Easy Connect EC150, Modbus RTU-TCP Gateway MB100, Serial Ethernet Server SS100) from untrusted networks using network segmentation, firewalls, or air-gapping if operationally feasible
All products
HARDENINGRestrict inbound network access to affected Ecava devices to only trusted engineering workstations and control systems using firewall rules
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
WORKAROUNDContact Ecava for technical guidance on firmware updates, security patches, or alternative products with security fixes
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: WebSCADA (WS100): vers:all/*, WebSCADA (WS200): vers:all/*, Easy Connect (EC150): vers:all/*, Serial Ethernet Server (SS100): vers:all/*, Modbus RTU – TCP Gateway (MB100): vers:all/*. Apply the following compensating controls:
HARDENINGMonitor network traffic to and from affected Ecava devices for suspicious activity or unexpected connections
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/bc018d95-1ead-4263-a7ea-35614ae63994