Ecava IntegraXor
Plan Patch7.3ICS-CERT ICSA-17-171-01Jun 20, 2017
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
IntegraXor versions 5.2.1231.0 and earlier contain SQL injection vulnerabilities that allow unauthenticated remote attackers to query, modify, or delete database contents. The vulnerability is remotely exploitable with low complexity.
What this means
What could happen
An attacker could inject SQL commands to read, modify, or delete data in the IntegraXor database without authentication, potentially corrupting historical records, alarms, or configuration data critical to SCADA monitoring and control.
Who's at risk
Any organization running IntegraXor as a SCADA/HMI platform, including utilities, water authorities, and manufacturing facilities that depend on IntegraXor for process monitoring and historical data integrity. This affects both the HMI workstations and any connected engineering or historian systems.
How it could be exploited
An attacker with network access to the IntegraXor instance sends crafted SQL injection payloads through the affected input interface. Since no authentication is required, the attacker can directly query or modify the backend database to alter process records, disable alarms, or corrupt system configuration.
Prerequisites
- Network access to IntegraXor instance
- No credentials required
remotely exploitableno authentication requiredlow complexityaffects data integrity
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (1)
ProductAffected VersionsFix Status
IntegraXor:≤ 5.2.1231.06.0.522.1 or newer
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate IntegraXor to version 6.0.522.1 or newer
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/ec3b9c4e-800c-4760-9160-3da077cf3c22