ICS Alert

Ecava IntegraXor Directory Traversal

Last Revised
Alert Code
ICS-ALERT-10-355-01

Description

A cybersecurity researcher has reported a new vulnerability in Ecava IntegraXor. The web server is susceptible to a directory traversal attack. Exploit code is available.

SUMMARY

A cybersecurity researcher has reported a new vulnerability in Ecava IntegraXor. The web server is susceptible to a directory traversal attack. Exploit code is available.

IntegraXor is a suite of tools used to create and run a web-based human-machine interface (HMI) for a Supervisory Control and Data Acquisition (SCADA) system and is used primarily in Malaysia. Ecava specializes in factory and process automation solutions.

ICS-CERT has not independently verified this vulnerability. ICS-CERT is providing this information as an immediate notification of new activity and is working with the vendor on mitigation options. Further information will be released as it becomes available.

FOLLOW-UP

ICS-CERT released a follow-up advisory titled ICSA-10-362-01 Ecava IntegraXor Directory Traversal on the ICS-CERT Web site, on December 28, 2010.

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

Ecava