Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Ecava IntegraXor web service allows directory traversal outside of web root
Informations
Name VU#979776 First vendor Publication 2011-01-11
Vendor VU-CERT Last vendor Modification 2011-01-12
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#979776

Ecava IntegraXor web service allows directory traversal outside of web root

Overview

Ecava IntegraXor contains a directory traversal vulnerability

I. Description

According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that listens on port 7131/tcp. The web service in this product is vulnerable to a directory traversal vulnerability.

Public exploit code is available.

II. Impact

A remote attacker can access files outside of the web application or document root by supplying a crafted URL to an vulnerable system.

III. Solution

Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch.

Restrict Access

Enable firewall rules to restrict access for port 7131/tcp to only trusted sources.

Vendor Information

VendorStatusDate NotifiedDate Updated
EcavaAffected2011-01-11

References

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf
http://www.exploit-db.com/exploits/15802/
http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note

Credit

This vulnerability was publicly disclosed by Luigi Auriemma.

This document was written by Michael Orlando.

Other Information

Date Public:2010-12-21
Date First Published:2011-01-11
Date Last Updated:2011-01-12
CERT Advisory: 
CVE-ID(s):CVE-2010-4598
NVD-ID(s):CVE-2010-4598
US-CERT Technical Alerts: 
Severity Metric:18.00
Document Revision:11

Original Source

Url : http://www.kb.cert.org/vuls/id/979776

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

OpenVAS Exploits

Date Description
2010-12-27 Name : Ecava IntegraXor Directory Traversal Vulnerability
File : nvt/gb_ecava_integraxor_dir_trav_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69968 Ecava IntegraXor /open file_name Parameter Traversal Arbitrary File Access

IntegraXor contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the /open script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'file_name' parameter. This directory traversal attack would allow the attacker to read arbitrary files.

Snort® IPS/IDS

Date Description
2017-06-08 IntegraXor directory traversal attempt
RuleID : 42804 - Revision : 3 - Type : SERVER-WEBAPP