Ecava IntegraXor DLL Vulnerabilities
Low Risk · ICS-CERT ICSA-15-090-02 · Jan 1, 2015
Summary
Ecava IntegraXor SCADA Server contains DLL vulnerabilities (CWE-427) in versions prior to 4.2.4488. The advisory does not specify the technical details of the DLL loading issues, but CWE-427 typically involves insecure DLL search path or DLL preloading attacks that could allow local privilege escalation or code execution.
What this means
What could happen
An attacker with local access to the SCADA server could load a malicious DLL to execute code with the privileges of the IntegraXor process, potentially gaining control over industrial control system operations.
Who's at risk
Energy utilities operating Ecava IntegraXor SCADA Server version 4.2.4488 or earlier are affected. This includes organizations using IntegraXor for real-time process monitoring, data logging, and supervisory control in substations, generation plants, and distribution control centers.
How it could be exploited
An attacker with local access to the SCADA server host could exploit insecure DLL loading behavior by placing a malicious DLL in a directory searched by IntegraXor before legitimate system directories. When IntegraXor loads the DLL, the malicious code executes in the SCADA process context, allowing the attacker to control process logic and commands.
Prerequisites
- Local access to the SCADA server host filesystem
- Ability to write files to a directory in the DLL search path
- IntegraXor process running with elevated privileges
no patch available · DLL preloading/hijacking risk · affects SCADA systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
IntegraXor SCADA Server: <4.2.4488 | <4.2.4488 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict file write access on the SCADA server to trusted administrators only; remove write permissions from standard users on system directories and application directories
HARDENING: Implement access controls to limit local logon to the SCADA server host to authorized personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade IntegraXor SCADA Server to version 4.2.4488 or later
HARDENING: Monitor for unauthorized DLL files in system and application directories using file integrity monitoring
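An added example, not part of the advisory or of Ecava's software: a minimal file integrity check for the DLL monitoring step above. It baselines DLL hashes in the monitored directories and reports DLL names that exist in more than one search-path directory. The directory order passed to `shadowed` and every file name in the demo are constructed assumptions; the real search order depends on how the process loads its libraries.

```python
import hashlib
import tempfile
from pathlib import Path


def dlls(directory):
    """Yield DLL files directly inside a directory (the loader does not recurse)."""
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and p.suffix.lower() == ".dll":
            yield p


def snapshot(dirs):
    """Map every DLL path in the monitored directories to its SHA-256."""
    return {str(p): hashlib.sha256(p.read_bytes()).hexdigest()
            for d in dirs for p in dlls(d)}


def diff(baseline, current):
    """Return (added, modified, removed) DLL paths between two snapshots."""
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return added, modified, removed


def shadowed(search_order):
    """Return (winner, shadowed) path pairs for DLL names found in more than
    one directory; search_order is earliest-searched first, so the first copy wins."""
    first_seen, hits = {}, []
    for d in search_order:
        for p in dlls(d):
            winner = first_seen.setdefault(p.name.lower(), p)
            if winner != p:
                hits.append((str(winner), str(p)))
    return hits


if __name__ == "__main__":
    # Constructed layout (assumption): an application directory searched before a system one.
    with tempfile.TemporaryDirectory() as root:
        app, system = Path(root, "app"), Path(root, "system")
        app.mkdir(), system.mkdir()
        (app / "engine.dll").write_bytes(b"vendor build")
        (system / "helper.dll").write_bytes(b"system copy")
        baseline = snapshot([app, system])
        (app / "helper.dll").write_bytes(b"unexpected copy")  # appears after baseline
        print(diff(baseline, snapshot([app, system])), shadowed([app, system]))
```

Store the baseline off-host or in a location that standard users cannot write to, so the record of approved DLLs cannot be altered along with the files it describes.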
CVEs (1)