ID

VAR-201012-0060


CVE

CVE-2010-4598


TITLE

Ecava IntegraXor Directory Traversal Vulnerability

Trust: 1.6

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // CNVD: CNVD-2010-3389 // CNNVD: CNNVD-201012-314

DESCRIPTION

Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IntegraXor "file_name" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA42730 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42730 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42730/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42730/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42730 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "file_name" parameter in "/<project name>/open" (where "<project name>" is a valid project) is not properly verified before being used to display files. Successful exploitation requires the IntegraXor Server to be started and running a project (off by default). The vulnerability is confirmed in version 3.6.4000.0. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/integraxor_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.5

sources: NVD: CVE-2010-4598 // CERT/CC: VU#979776 // JVNDB: JVNDB-2011-001001 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // PACKETSTORM: 96914

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 2.0

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332

AFFECTED PRODUCTS

vendor:ecavamodel:integraxorscope:eqversion:3.5.3900.10

Trust: 2.5

vendor:ecavamodel:integraxorscope:eqversion:3.5.3900.5

Trust: 2.5

vendor:ecavamodel:integraxorscope:eqversion:3.6.4000.0

Trust: 1.5

vendor:ecavamodel:integraxorscope:lteversion:3.6.4000.0

Trust: 1.0

vendor:ecavamodel:integraxorscope:eqversion:3.5

Trust: 0.9

vendor:integraxormodel: - scope:eqversion:3.5.3900.5

Trust: 0.8

vendor:integraxormodel: - scope:eqversion:3.5.3900.10

Trust: 0.8

vendor:integraxormodel: - scope:eqversion:*

Trust: 0.8

vendor:ecavamodel: - scope: - version: -

Trust: 0.8

vendor:ecavamodel:integraxorscope:ltversion:3.6.4000.1 earlier

Trust: 0.8

vendor:ecavamodel:integraxorscope:lteversion:<=3.6.4000.0

Trust: 0.6

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CERT/CC: VU#979776 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // JVNDB: JVNDB-2011-001001 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4598
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#979776
value: 18.00

Trust: 0.8

NVD: CVE-2010-4598
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201012-314
value: MEDIUM

Trust: 0.6

IVD: 8876dc14-2355-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2010-4598
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 8876dc14-2355-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CERT/CC: VU#979776 // JVNDB: JVNDB-2011-001001 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-001001 // NVD: CVE-2010-4598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201012-314

TYPE

Path traversal

Trust: 1.4

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CNNVD: CNNVD-201012-314

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001001

PATCH

title:IntegraXor 3.6 SCADA Security Issue 20101222-0323 Vulnerability Noteurl:http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note

Trust: 0.8

sources: JVNDB: JVNDB-2011-001001

EXTERNAL IDS

db:NVDid:CVE-2010-4598

Trust: 4.1

db:BIDid:45535

Trust: 3.9

db:CERT/CCid:VU#979776

Trust: 2.9

db:ICS CERT ALERTid:ICS-ALERT-10-355-01

Trust: 2.6

db:EXPLOIT-DBid:15802

Trust: 2.4

db:VUPENid:ADV-2010-3304

Trust: 2.4

db:SECUNIAid:42730

Trust: 1.9

db:CNNVDid:CNNVD-201012-314

Trust: 1.4

db:CNVDid:CNVD-2010-3389

Trust: 1.0

db:CNVDid:CNVD-2010-3332

Trust: 1.0

db:ICS CERTid:ICSA-10-362-01

Trust: 0.8

db:JVNDBid:JVNDB-2011-001001

Trust: 0.8

db:IVDid:8876DC14-2355-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:7D73DD1E-463F-11E9-802E-000C29342CB1

Trust: 0.2

db:IVDid:431CFF94-1FA5-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:7D79F7A2-463F-11E9-B78D-000C29342CB1

Trust: 0.2

db:PACKETSTORMid:96914

Trust: 0.1

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CERT/CC: VU#979776 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // JVNDB: JVNDB-2011-001001 // PACKETSTORM: 96914 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-10-355-01.pdf

Trust: 2.6

url:http://aluigi.org/adv/integraxor_1-adv.txt

Trust: 2.5

url:http://www.securityfocus.com/bid/45535

Trust: 2.4

url:http://www.vupen.com/english/advisories/2010/3304

Trust: 2.4

url:http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note

Trust: 2.1

url:http://www.kb.cert.org/vuls/id/979776

Trust: 2.1

url:http://secunia.com/advisories/42730

Trust: 1.8

url:http://www.exploit-db.com/exploits/15802

Trust: 1.6

url:http://www.exploit-db.com/exploits/15802/

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4598

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-10-362-01_ecava_integraxor_directory_traversal.pdf

Trust: 0.8

url:http://jvn.jp/cert/jvnvu979776

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4598

Trust: 0.8

url:http://www.securityfocus.com/bid/45535http

Trust: 0.6

url:http://www.ecava.com/index.htm

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://aluigi.altervista.org/adv/integraxor_1-adv.txt

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/advisories/42730/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/42730/#comments

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42730

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#979776 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // JVNDB: JVNDB-2011-001001 // PACKETSTORM: 96914 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 45535 // CNNVD: CNNVD-201012-314

SOURCES

db:IVDid:8876dc14-2355-11e6-abef-000c29c66e3d
db:IVDid:7d73dd1e-463f-11e9-802e-000c29342cb1
db:IVDid:431cff94-1fa5-11e6-abef-000c29c66e3d
db:IVDid:7d79f7a2-463f-11e9-b78d-000c29342cb1
db:CERT/CCid:VU#979776
db:CNVDid:CNVD-2010-3389
db:CNVDid:CNVD-2010-3332
db:BIDid:45535
db:JVNDBid:JVNDB-2011-001001
db:PACKETSTORMid:96914
db:CNNVDid:CNNVD-201012-314
db:NVDid:CVE-2010-4598

LAST UPDATE DATE

2024-11-23T22:02:59.142000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#979776date:2011-01-12T00:00:00
db:CNVDid:CNVD-2010-3389date:2010-12-24T00:00:00
db:CNVDid:CNVD-2010-3332date:2010-12-22T00:00:00
db:BIDid:45535date:2011-01-11T15:22:00
db:JVNDBid:JVNDB-2011-001001date:2011-01-21T00:00:00
db:CNNVDid:CNNVD-201012-314date:2010-12-27T00:00:00
db:NVDid:CVE-2010-4598date:2024-11-21T01:21:18.940

SOURCES RELEASE DATE

db:IVDid:8876dc14-2355-11e6-abef-000c29c66e3ddate:2010-12-24T00:00:00
db:IVDid:7d73dd1e-463f-11e9-802e-000c29342cb1date:2010-12-24T00:00:00
db:IVDid:431cff94-1fa5-11e6-abef-000c29c66e3ddate:2010-12-22T00:00:00
db:IVDid:7d79f7a2-463f-11e9-b78d-000c29342cb1date:2010-12-22T00:00:00
db:CERT/CCid:VU#979776date:2011-01-11T00:00:00
db:CNVDid:CNVD-2010-3389date:2010-12-24T00:00:00
db:CNVDid:CNVD-2010-3332date:2010-12-22T00:00:00
db:BIDid:45535date:2010-12-21T00:00:00
db:JVNDBid:JVNDB-2011-001001date:2011-01-21T00:00:00
db:PACKETSTORMid:96914date:2010-12-23T06:21:14
db:CNNVDid:CNNVD-201012-314date:2010-12-24T00:00:00
db:NVDid:CVE-2010-4598date:2010-12-23T18:00:03.977