OTPulse

Ecava IntegraXor SQL

Act Now · CVSS 9.8 · ICS-CERT ICSA-11-082-01 · Dec 24, 2011
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Ecava IntegraXor versions prior to 3.60 Build 4032 contain an SQL injection vulnerability (CWE-89) in user input handling. An attacker with network access can inject arbitrary SQL commands into the database without authentication, allowing unauthorized data access, modification, or deletion. The vulnerability carries a CVSS score of 9.8 (critical severity). IntegraXor versions prior to 3.60 Build 4032 have no vendor patch available, indicating the product is not receiving security updates.

What this means
What could happen
An attacker with network access could execute arbitrary SQL queries on the IntegraXor database, potentially exfiltrating sensitive operational data, modifying process configurations, or disrupting system availability.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using IntegraXor for SCADA/HMI monitoring and control. This affects any facility relying on IntegraXor to oversee pumps, generators, valves, breakers, and other plant equipment.
How it could be exploited
An attacker sends a crafted SQL injection payload through a network interface to IntegraXor. The application fails to sanitize user input before passing it to the database, allowing the attacker to inject arbitrary SQL commands and read, modify, or delete data in the underlying database.
Prerequisites
  • Network access to IntegraXor on its service port
  • No authentication required to trigger the SQL injection
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • No patch available (end-of-life product)
  • High CVSS score (9.8)
  • Affects operational control systems
Exploitability
Moderate exploit probability (EPSS 1.0%)
Affected products (1)
Product | Affected Versions | Fix Status
IntegraXor: <3.60_Build_4032 | <3.60 Build 4032 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate IntegraXor systems from untrusted networks using a firewall; restrict network access to only authorized engineering workstations and control room terminals
WORKAROUND: Implement input validation and parameterized queries at the application layer if possible through vendor guidance
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor IntegraXor database query logs for suspicious SQL patterns or unexpected data access
Mitigations - no patch available
IntegraXor: <3.60_Build_4032 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Contact Ecava to confirm end-of-life status and plan migration to a patched or supported alternative SCADA/HMI platform