OTPulse

Ecava IntegraXor Vulnerabilities

Monitor · CVSS 7.5 · ICS-CERT ICSA-16-105-03 · Jan 16, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Ecava IntegraXor versions prior to 5.0 build 4522 contain multiple vulnerabilities affecting confidentiality and integrity. The system has weak cryptographic protection (CWE-319), lack of input validation (CWE-89, CWE-79, CWE-113), insufficient access controls (CWE-285, CWE-87), and information disclosure flaws (CWE-200). These allow unauthenticated remote attackers to extract sensitive data including credentials, configuration details, and process parameters. No vendor patch is currently available.

What this means
What could happen
An attacker with network access could read sensitive data from IntegraXor SCADA systems, including authentication credentials and configuration information, potentially allowing lateral movement to other industrial control systems.
Who's at risk
Water utilities, electric utilities, and other water/wastewater facilities that use Ecava IntegraXor for SCADA monitoring and control of pumps, valves, treatment processes, and power distribution equipment. Any facility using legacy IntegraXor versions below 5.0 build 4522 is affected.
How it could be exploited
An attacker on the network connects to the IntegraXor web interface or API without authentication. The system's lack of input validation (CWE-89, CWE-79, CWE-113) and weak cryptography (CWE-319) allow injection of commands or bypass of access controls to extract plaintext sensitive data (CWE-200).
Prerequisites
  • Network access to IntegraXor web interface or API (typically port 80/443)
  • No valid credentials required
  • Default or insecure configuration
remotely exploitable · no authentication required · low complexity · no patch available · high CVSS score (7.5)
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (1)
Product | Affected Versions | Fix Status
IntegraXor: <5.0_build_4522 | <5.0 build 4522 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict network access to IntegraXor systems; allow only authorized engineering workstations and HMI operators
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply vendor patches when available; monitor Ecava for IntegraXor version 5.0 build 4522 or later
Mitigations - no patch available
IntegraXor: <5.0_build_4522 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment IntegraXor systems onto a dedicated OT network isolated from business networks and the internet
HARDENING: Monitor network traffic to and from IntegraXor for suspicious or unauthorized connections
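
One way to check that the firewall allowlist and segmentation controls listed above are holding, as an added example (not part of the advisory or any Ecava tooling): it audits flow records for permitted connections to the IntegraXor web ports from hosts outside the allowlist, and for IntegraXor traffic leaving the OT network. The addresses, allowlist and log format are constructed assumptions; only the 80/443 ports come from the advisory.

```python
import ipaddress

# All values below are constructed for illustration; substitute your own inventory.
INTEGRAXOR_HOST = ipaddress.ip_address("10.20.0.10")
WEB_PORTS = {80, 443}  # advisory: web interface or API, typically port 80/443
ALLOWED_CLIENTS = {ipaddress.ip_address(a) for a in ("10.20.0.21", "10.20.0.22")}
OT_NETWORK = ipaddress.ip_network("10.20.0.0/24")

# Constructed flow records: timestamp src sport dst dport firewall-action
SAMPLE_FLOWS = """\
2024-01-01T08:00:01 10.20.0.21 51512 10.20.0.10 443 allow
2024-01-01T08:00:07 10.20.0.57 49822 10.20.0.10 80 allow
2024-01-01T08:01:13 192.168.5.40 60211 10.20.0.10 443 allow
2024-01-01T08:02:30 10.20.0.10 50100 203.0.113.9 443 allow
2024-01-01T08:03:02 192.168.5.41 60300 10.20.0.10 80 deny
malformed line
"""

def audit_flows(text):
    """Return (line number, reason, detail) for each record that breaks policy."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            ts, src, _sport, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            # Never silently drop records: a parsing gap is a monitoring gap.
            findings.append((lineno, "unparseable-record", line))
            continue
        if action != "allow":
            continue  # the firewall already blocked this flow
        detail = f"{ts} {src} -> {dst}:{dport}"
        if dst == INTEGRAXOR_HOST and dport in WEB_PORTS and src not in ALLOWED_CLIENTS:
            # Distinguish a rogue host inside the OT segment from a segmentation failure.
            reason = "unauthorized-client" if src in OT_NETWORK else "cross-segment-client"
            findings.append((lineno, reason, detail))
        elif src == INTEGRAXOR_HOST and dst not in OT_NETWORK:
            findings.append((lineno, "egress-outside-ot", detail))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding, sep="\t")
```

A "cross-segment-client" or "egress-outside-ot" finding means the segmentation control itself is failing, not just that an unexpected host is present.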