Details of VAR-201012-0060

ID

VAR-201012-0060

CVE

CVE-2010-4598

TITLE

Ecava IntegraXor Directory Traversal Vulnerability

Trust: 1.6

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // CNVD: CNVD-2010-3389 // CNNVD: CNNVD-201012-314

DESCRIPTION

Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IntegraXor "file_name" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA42730 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42730 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42730/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42730/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42730 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "file_name" parameter in "/<project name>/open" (where "<project name>" is a valid project) is not properly verified before being used to display files. Successful exploitation requires the IntegraXor Server to be started and running a project (off by default). The vulnerability is confirmed in version 3.6.4000.0. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/integraxor_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.5

sources: NVD: CVE-2010-4598 // CERT/CC: VU#979776 // JVNDB: JVNDB-2011-001001 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // PACKETSTORM: 96914

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 2.0

AFFECTED PRODUCTS

vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.3900.10	Trust: 2.5
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.3900.5	Trust: 2.5
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.6.4000.0	Trust: 1.5
vendor:	ecava	model:	integraxor	scope:	lte	version:	3.6.4000.0	Trust: 1.0
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5	Trust: 0.9
vendor:	integraxor	model:	-	scope:	eq	version:	3.5.3900.5	Trust: 0.8
vendor:	integraxor	model:	-	scope:	eq	version:	3.5.3900.10	Trust: 0.8
vendor:	integraxor	model:	-	scope:	eq	version:	*	Trust: 0.8
vendor:	ecava	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ecava	model:	integraxor	scope:	lt	version:	3.6.4000.1 earlier	Trust: 0.8
vendor:	ecava	model:	integraxor	scope:	lte	version:	<=3.6.4000.0	Trust: 0.6

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CERT/CC: VU#979776 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // JVNDB: JVNDB-2011-001001 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4598
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#979776
value:	18.00
Trust: 0.8
NVD:	CVE-2010-4598
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201012-314
value:	MEDIUM
Trust: 0.6
IVD:	8876dc14-2355-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d73dd1e-463f-11e9-802e-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	431cff94-1fa5-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d79f7a2-463f-11e9-b78d-000c29342cb1
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2010-4598
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	8876dc14-2355-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d73dd1e-463f-11e9-802e-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	431cff94-1fa5-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d79f7a2-463f-11e9-b78d-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CERT/CC: VU#979776 // JVNDB: JVNDB-2011-001001 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-001001 // NVD: CVE-2010-4598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201012-314

TYPE

Path traversal

Trust: 1.4

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001001

PATCH

title:

IntegraXor 3.6 SCADA Security Issue 20101222-0323 Vulnerability Note

url:

http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note

Trust: 0.8

sources: JVNDB: JVNDB-2011-001001

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4598	Trust: 4.1
db:	BID	id:	45535	Trust: 3.9
db:	CERT/CC	id:	VU#979776	Trust: 2.9
db:	ICS CERT ALERT	id:	ICS-ALERT-10-355-01	Trust: 2.6
db:	EXPLOIT-DB	id:	15802	Trust: 2.4
db:	VUPEN	id:	ADV-2010-3304	Trust: 2.4
db:	SECUNIA	id:	42730	Trust: 1.9
db:	CNNVD	id:	CNNVD-201012-314	Trust: 1.4
db:	CNVD	id:	CNVD-2010-3389	Trust: 1.0
db:	CNVD	id:	CNVD-2010-3332	Trust: 1.0
db:	ICS CERT	id:	ICSA-10-362-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-001001	Trust: 0.8
db:	IVD	id:	8876DC14-2355-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D73DD1E-463F-11E9-802E-000C29342CB1	Trust: 0.2
db:	IVD	id:	431CFF94-1FA5-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D79F7A2-463F-11E9-B78D-000C29342CB1	Trust: 0.2
db:	PACKETSTORM	id:	96914	Trust: 0.1

sources: IVD: 8876dc14-2355-11e6-abef-000c29c66e3d // IVD: 7d73dd1e-463f-11e9-802e-000c29342cb1 // IVD: 431cff94-1fa5-11e6-abef-000c29c66e3d // IVD: 7d79f7a2-463f-11e9-b78d-000c29342cb1 // CERT/CC: VU#979776 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // JVNDB: JVNDB-2011-001001 // PACKETSTORM: 96914 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-10-355-01.pdf	Trust: 2.6
url:	http://aluigi.org/adv/integraxor_1-adv.txt	Trust: 2.5
url:	http://www.securityfocus.com/bid/45535	Trust: 2.4
url:	http://www.vupen.com/english/advisories/2010/3304	Trust: 2.4
url:	http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note	Trust: 2.1
url:	http://www.kb.cert.org/vuls/id/979776	Trust: 2.1
url:	http://secunia.com/advisories/42730	Trust: 1.8
url:	http://www.exploit-db.com/exploits/15802	Trust: 1.6
url:	http://www.exploit-db.com/exploits/15802/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4598	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-10-362-01_ecava_integraxor_directory_traversal.pdf	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu979776	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4598	Trust: 0.8
url:	http://www.securityfocus.com/bid/45535http	Trust: 0.6
url:	http://www.ecava.com/index.htm	Trust: 0.3
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://aluigi.altervista.org/adv/integraxor_1-adv.txt	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/advisories/42730/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/42730/#comments	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42730	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#979776 // CNVD: CNVD-2010-3389 // CNVD: CNVD-2010-3332 // BID: 45535 // JVNDB: JVNDB-2011-001001 // PACKETSTORM: 96914 // CNNVD: CNNVD-201012-314 // NVD: CVE-2010-4598

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 45535 // CNNVD: CNNVD-201012-314

SOURCES

db:	IVD	id:	8876dc14-2355-11e6-abef-000c29c66e3d
db:	IVD	id:	7d73dd1e-463f-11e9-802e-000c29342cb1
db:	IVD	id:	431cff94-1fa5-11e6-abef-000c29c66e3d
db:	IVD	id:	7d79f7a2-463f-11e9-b78d-000c29342cb1
db:	CERT/CC	id:	VU#979776
db:	CNVD	id:	CNVD-2010-3389
db:	CNVD	id:	CNVD-2010-3332
db:	BID	id:	45535
db:	JVNDB	id:	JVNDB-2011-001001
db:	PACKETSTORM	id:	96914
db:	CNNVD	id:	CNNVD-201012-314
db:	NVD	id:	CVE-2010-4598

LAST UPDATE DATE

2024-08-14T14:58:32.566000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#979776	date:	2011-01-12T00:00:00
db:	CNVD	id:	CNVD-2010-3389	date:	2010-12-24T00:00:00
db:	CNVD	id:	CNVD-2010-3332	date:	2010-12-22T00:00:00
db:	BID	id:	45535	date:	2011-01-11T15:22:00
db:	JVNDB	id:	JVNDB-2011-001001	date:	2011-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201012-314	date:	2010-12-27T00:00:00
db:	NVD	id:	CVE-2010-4598	date:	2011-01-14T06:48:40.307

SOURCES RELEASE DATE

db:	IVD	id:	8876dc14-2355-11e6-abef-000c29c66e3d	date:	2010-12-24T00:00:00
db:	IVD	id:	7d73dd1e-463f-11e9-802e-000c29342cb1	date:	2010-12-24T00:00:00
db:	IVD	id:	431cff94-1fa5-11e6-abef-000c29c66e3d	date:	2010-12-22T00:00:00
db:	IVD	id:	7d79f7a2-463f-11e9-b78d-000c29342cb1	date:	2010-12-22T00:00:00
db:	CERT/CC	id:	VU#979776	date:	2011-01-11T00:00:00
db:	CNVD	id:	CNVD-2010-3389	date:	2010-12-24T00:00:00
db:	CNVD	id:	CNVD-2010-3332	date:	2010-12-22T00:00:00
db:	BID	id:	45535	date:	2010-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2011-001001	date:	2011-01-21T00:00:00
db:	PACKETSTORM	id:	96914	date:	2010-12-23T06:21:14
db:	CNNVD	id:	CNNVD-201012-314	date:	2010-12-24T00:00:00
db:	NVD	id:	CVE-2010-4598	date:	2010-12-23T18:00:03.977