OTPulse

Ecava IntegraXor

Monitor | CVSS 5.3 | ICS-CERT ICSA-17-353-03 | Dec 19, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Ecava IntegraXor versions 6.1.1030.1 and prior contain a SQL injection vulnerability (CWE-89) in the web interface. The vulnerability allows an unauthenticated attacker with network access to inject SQL commands, potentially leading to unauthorized data access.

What this means
What could happen
An attacker could access or retrieve sensitive data from the IntegraXor database without authentication by injecting SQL commands through the web interface. Depending on the data stored and system configuration, this could expose operational or configuration information.
Who's at risk
Organizations running Ecava IntegraXor for SCADA/HMI operations, including utilities, manufacturing, and process control environments. Affected equipment includes IntegraXor-managed PLCs, RTUs, and networked control devices where the HMI is internet-facing or accessible from untrusted networks.
How it could be exploited
An attacker sends a crafted HTTP request to the IntegraXor web interface containing SQL injection payloads. The application fails to sanitize user input before constructing SQL queries, allowing the attacker to manipulate the query logic and extract data from the backend database.
Prerequisites
  • Network access to the IntegraXor web interface port (typically port 80 or 443)
  • No credentials required
  • IntegraXor version 6.1.1030.1 or prior
  • remotely exploitable
  • no authentication required
  • low complexity
  • SQL injection can expose sensitive configuration and operational data
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
IntegraXor: v 6.1.1030.1 and prior | ≤ 6.1.1030.1 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement network access controls and firewall rules to restrict access to the IntegraXor web interface to authorized engineering workstations and administrative networks only
HARDENING: Disable remote access to the IntegraXor web interface if not required for operational needs
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement intrusion detection signatures to monitor for SQL injection attempts targeting IntegraXor
HARDENING: Monitor database access logs for suspicious query patterns or unexpected data extraction attempts
Mitigations - no patch available
IntegraXor: v 6.1.1030.1 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the IntegraXor HMI system from corporate networks and the Internet using air-gapping or DMZ architecture
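
A detection sketch for the access-restriction and monitoring items above, added here as an example and not taken from the advisory or from vendor tooling. It assumes a web server or reverse proxy in front of the HMI writes Common Log Format access logs; the allowlisted subnet, request paths and parameters are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Assumption: subnets of authorized engineering workstations (constructed value).
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/24")]

# Heuristic indicators, applied to the decoded query string only.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\b", re.I),              # quote closing a literal, then boolean logic
    re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),  # UNION-based extraction
    re.compile(r"'\s*(--|;|/\*)"),                    # quote followed by comment or statement break
]

# Common Log Format prefix: client IP ... "METHOD target PROTO" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def decode(value, rounds=2):
    # URL-decode twice so double-encoded input (%2527 -> %27 -> ') is still inspected.
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def classify(line):
    """Return (ip, target, findings) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        trusted = any(ipaddress.ip_address(m["ip"]) in net for net in ALLOWED_NETS)
    except ValueError:
        trusted = False  # hostname or garbage in the client field
    findings = [] if trusted else ["source-not-allowlisted"]
    query = decode(m["target"].partition("?")[2])
    if any(p.search(query) for p in SQLI_PATTERNS):
        findings.append("sqli-pattern")
    return m["ip"], m["target"], findings

def scan(lines):
    # Keep only the requests that produced at least one finding.
    results = [classify(line) for line in lines]
    return [r for r in results if r and r[2]]

# Constructed sample lines; the paths and parameters are hypothetical, not IntegraXor's.
SAMPLE = [
    '10.20.30.15 - - [19/Dec/2017:10:00:01 +0000] "GET /hmi/report?tag=PUMP01 HTTP/1.1" 200 512',
    '10.20.30.15 - - [19/Dec/2017:10:00:05 +0000] "GET /hmi/report?tag=PUMP01%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9000',
    '203.0.113.9 - - [19/Dec/2017:10:01:00 +0000] "GET /hmi/report?tag=x%2527%2520UNION%2520SELECT%2520name HTTP/1.1" 500 120',
    '203.0.113.9 - - [19/Dec/2017:10:01:02 +0000] "GET /hmi/status HTTP/1.1" 200 64',
]
```

A request from an allowlisted workstation that still matches a pattern is worth the same attention as one from outside, since the allowlist only narrows who can reach the interface.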