OTPulse

Ecava IntegraXor SCADA Server Vulnerabilities

Low Risk | ICS-CERT ICSA-14-224-01 | May 15, 2014
Summary

Ecava IntegraXor SCADA Server versions 4.1.4360 and 4.1.4392 contain multiple vulnerabilities including path traversal (CWE-73), SQL injection (CWE-89), insufficient logging (CWE-526), and insufficient access controls (CWE-269). These weaknesses allow an attacker with network access to execute arbitrary code, modify process data, or bypass authentication controls. No vendor patch is available for these versions.

What this means
What could happen
An attacker could execute arbitrary code on the SCADA server, allowing them to modify process data, alter control logic, or disable monitoring and alarms that operators depend on to run the system safely.
Who's at risk
Energy sector operators using Ecava IntegraXor SCADA Server for process monitoring and control of generation, transmission, or distribution equipment. This affects any facility relying on this server for remote monitoring, alarm management, or automated process control.
How it could be exploited
An attacker with network access to the IntegraXor SCADA Server could exploit path traversal (CWE-73), SQL injection (CWE-89), or insufficient access controls (CWE-269) to execute arbitrary commands on the server. Once inside, they could modify the database or process configurations without being logged or detected.
Prerequisites
  • Network access to the IntegraXor SCADA Server port (typically 8080 or custom configured)
  • Vulnerable version 4.1.4360 or 4.1.4392 running
  • Remotely exploitable
  • No patch available
  • Insufficient access controls
  • SQL injection possible
  • Path traversal possible
  • Affects critical monitoring and control systems
Exploitability
Moderate exploit probability (EPSS 1.9%)
Affected products (2) | 2 EOL
Product | Affected Versions | Fix Status
IntegraXor SCADA Server: <=v4.1.4360 | ≤ v4.1.4360 | No fix (EOL)
IntegraXor SCADA Server: <=v4.1.4392 | ≤ v4.1.4392 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Deploy a firewall rule to limit inbound connections to the SCADA server port to known, trusted IP addresses only
  • WORKAROUND: Monitor the SCADA server for suspicious login attempts, SQL queries, and file access outside normal operations
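
One way to implement the monitoring step above, as an added example that is not part of the advisory or any vendor tooling: a Python filter over web access log lines that flags requests from outside the trusted workstation range and requests carrying path traversal or SQL injection markers. The Common Log Format, the 10.20.30.0/28 trusted subnet, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Assumption: engineering workstations and operator consoles sit in this subnet.
TRUSTED_NETS = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: requests are logged in Common Log Format (by the server or a proxy in front of it).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" \d{3}')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
SQLI_RE = re.compile(r"'\s*(or\b|and\b|union\b|;|--)|\bunion\s+select\b", re.I)

# Constructed sample lines; the paths and parameters are hypothetical.
SAMPLE_LOG = [
    '10.20.30.5 - operator1 [15/May/2014:08:00:01 +0000] "GET /project/index.html HTTP/1.1" 200 5120',
    '10.20.30.7 - - [15/May/2014:08:02:10 +0000] "GET /project/..%2f..%2fconfig.ini HTTP/1.1" 200 812',
    '192.0.2.44 - - [15/May/2014:08:03:55 +0000] "GET /report?tag=1%27+OR+%271%27=%271 HTTP/1.1" 200 90',
    '192.0.2.44 - - [15/May/2014:08:04:02 +0000] "GET /project/index.html HTTP/1.1" 200 5120',
]

def is_trusted(src):
    """True only when src parses as an IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage in the source field are never trusted
    return any(addr in net for net in TRUSTED_NETS)

def classify(line):
    """Return (source, [reasons]) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a request line in the assumed format
    # Decode twice so double-encoded sequences (%252e%252e) are normalised too.
    target = unquote_plus(unquote_plus(m["target"]))
    reasons = []
    if not is_trusted(m["src"]):
        reasons.append("untrusted-source")
    if TRAVERSAL_RE.search(target):
        reasons.append("path-traversal")
    if SQLI_RE.search(target):
        reasons.append("sql-injection")
    return (m["src"], reasons) if reasons else None

def scan(lines):
    """Collect every flagged line, preserving log order."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE_LOG):
        print(src, ",".join(reasons))
```

A hit from a trusted address, such as the second sample line, still warrants review because the access-control weaknesses listed above mean an authorised workstation can be the origin of a malicious request.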
Mitigations - no patch available
The following products have reached End of Life with no planned fix: IntegraXor SCADA Server: <=v4.1.4360, IntegraXor SCADA Server: <=v4.1.4392. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to restrict access to the IntegraXor SCADA Server to only authorized engineering workstations and operator consoles
  • HARDENING: Consider upgrading to a newer SCADA platform with active vendor support and security patches