Ecava IntegraXor ActiveX Directory Traversal
Low Risk · ICS-CERT ICSA-12-083-01 · Dec 25, 2012
Summary
Ecava IntegraXor ActiveX component contains a directory traversal vulnerability (CWE-35) in versions prior to 3.71.4200. An attacker could potentially access files outside the intended directory structure on systems running the affected ActiveX control.
What this means
What could happen
An attacker could read sensitive files on a workstation or server running IntegraXor's ActiveX control, potentially exposing configuration data, credentials, or other confidential information used in your process control environment.
Who's at risk
Organizations using Ecava IntegraXor for SCADA monitoring, data visualization, or industrial dashboards should be concerned. This affects engineering workstations, operator consoles, and any systems running the IntegraXor ActiveX control on Windows with Internet Explorer.
How it could be exploited
An attacker would need to get a user to open a specially crafted webpage or document that loads the vulnerable ActiveX control in Internet Explorer or a compatible browser. The attacker could then use directory traversal sequences (e.g., ../) to access files outside the intended application directory.
Prerequisites
- User interaction required - the victim must load a malicious webpage or document
- ActiveX control must be installed on the user's workstation
- Internet Explorer or compatible browser with ActiveX support enabled
- No patch available
- Directory traversal allows file read access
- Requires user interaction, but ActiveX auto-loads in legacy environments
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
IntegraXor | <3.71.4200 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict Internet Explorer access on engineering workstations and operator consoles to trusted internal sites only, using Group Policy or firewall rules
WORKAROUND: Disable ActiveX execution in Internet Explorer for the Internet zone; allow it only in the Intranet and Trusted Sites zones
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
HARDENING: Disable or remove the IntegraXor ActiveX control if it is no longer required for operations
Mitigations - no patch available
IntegraXor <3.71.4200 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate engineering workstations running IntegraXor on a separate network segment with restricted outbound access
HARDENING: Evaluate replacement of IntegraXor with a modern, actively supported SCADA visualization platform
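The two ActiveX workarounds above (restrict ActiveX by IE zone, disable the control itself) can be audited and enforced from PowerShell. This is an added example, not code from the advisory or from Ecava; it assumes an elevated session, the standard IE zone registry layout (URL action 1200 = "Run ActiveX controls and plug-ins"), and a placeholder CLSID, because the advisory does not list the control's CLSID.

```powershell
# Added example (not from the advisory or vendor): audit and enforce the ActiveX
# mitigations on a Windows workstation. Assumes an elevated session.
# The IntegraXor CLSID is NOT given on the advisory page; $IntegraXorClsid is a placeholder.

$ZoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$ActiveXRunAction = '1200'   # URLACTION_ACTIVEX_RUN: 0 = enable, 1 = prompt, 3 = disable
$PolicyZones = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$UserZones   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-IEActiveXZoneState {
    # Report the effective "Run ActiveX controls and plug-ins" setting per zone.
    # A machine policy value (Group Policy) takes precedence over the per-user value.
    foreach ($zone in 1..4) {
        $policy = Get-ItemProperty "$PolicyZones\$zone" -Name $ActiveXRunAction -ErrorAction SilentlyContinue
        $user   = Get-ItemProperty "$UserZones\$zone"   -Name $ActiveXRunAction -ErrorAction SilentlyContinue
        $value  = if ($policy) { $policy.$ActiveXRunAction } elseif ($user) { $user.$ActiveXRunAction } else { -1 }
        [pscustomobject]@{
            Zone    = $ZoneNames[$zone]
            Source  = if ($policy) { 'Policy' } elseif ($user) { 'User' } else { 'Default' }
            Setting = switch ($value) { 0 { 'Enable' } 1 { 'Prompt' } 3 { 'Disable' } default { 'Not set' } }
        }
    }
}

function Set-IEActiveXZonePolicy {
    # Enforce the workaround: disable ActiveX in the Internet zone (3), allow in Intranet (1) and Trusted (2).
    param([hashtable]$Desired = @{ 1 = 0; 2 = 0; 3 = 3 })
    foreach ($zone in $Desired.Keys) {
        $key = "$PolicyZones\$zone"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $ActiveXRunAction -PropertyType DWord -Value $Desired[$zone] -Force | Out-Null
    }
}

function Set-ActiveXKillBit {
    # Set the kill bit (Compatibility Flags 0x400) so IE refuses to instantiate the control
    # even if its DLL stays registered. Written to native and WOW6432Node paths on 64-bit Windows.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft') {
        $key = "$root\Internet Explorer\ActiveX Compatibility\$Clsid"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value 0x400 -Force | Out-Null
    }
}

$IntegraXorClsid = '{00000000-0000-0000-0000-000000000000}'  # PLACEHOLDER: replace with the real control CLSID
Get-IEActiveXZoneState | Format-Table -AutoSize
# Set-IEActiveXZonePolicy; Set-ActiveXKillBit -Clsid $IntegraXorClsid   # uncomment to enforce
```

Run the audit first; the enforcement line is commented out so that the zone policy and kill bit are applied only after the change has been scheduled for the affected workstations.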
CVEs (1)