SQL Injection in Ecava Integraxor

CVE-2014-2376

SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vulnerability class: SQL Injection

EPSS: 0.003 (52.9th percentile) — read the EPSS interpretation.

Affected products

Ecava Integraxor
Ecava Integraxor Scada Server — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

ics-cert@hq.dhs.gov
af854a3a-2127-422b-91ae-364da2661108 (Patch, Third Party Advisory, US Government Resource)