The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
"}],"value":"The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL."}],"metrics":[{"cvssV2_0":{"accessComplexity":"LOW","accessVector":"NETWORK","authentication":"NONE","availabilityImpact":"PARTIAL","baseScore":7.5,"confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","version":"2.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-529","description":"CWE-529","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-08-22T22:53:01.252Z"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.integraxor.com/blog/category/security/vulnerability-note/"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-008-01"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Ecava Sdn Bhd has issued a customer notification that details this \nvulnerability and provides mitigations to its customers. Ecava Sdn Bhd \nrecommends users download and install the update, IntegraXor SCADA \nServer 4.1.4369, from their support Web site: http://www.integraxor.com/download/beta.msi?4.1.4369
For additional information, please see Ecava’s vulnerability note: http://www.integraxor.com/blog/category/security/vulnerability-note/
\n\n