S4 Report: Ecava Vulnerability

Wednesday, January 15, 2014 @ 06:01 PM gHale

Ecava now has mitigation plan for its user after a public report released about a buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting Ecava IntegraXor, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product, according to a report on ICS-CERT.

The remotely exploitable vulnerability could suffer a denial of service (DoS) if an attacker uses a command to load an arbitrary resource from an arbitrary DLL located in the program’s main folder, according to the report released by Luigi Auriemma at the S4 2014 conference in Miami, FL, without coordination with either the vendor or ICS-CERT.

RELATED STORIES
WellinTech Fixes Two Vulnerabilities
Schneider Fixes ClearSCADA Vulnerability
Ecava Fixes Project Directory Hole
Advantech Fixes Hole with Upgrade

After learning about the report, ICS-CERT notified the affected vendor and asked Ecava to confirm the vulnerability and identify mitigations. ICS-CERT issued the alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

The following Ecava IntegraXor version suffers from the issue, with earlier versions likely also having the vulnerability: IntegraXor Version 4.1.4380.

Ecava Sdn Bhd is a Malaysia-based software development company that provides the IntegraXor SCADA product. Ecava specializes in factory and process automation solutions.

IntegraXor is a suite of tools used to create and run a Web-based human-machine interface for a SCADA system. IntegraXor sees use in several areas of process control in 38 countries with the largest installation based in the United Kingdom, United States, Australia, Poland, Canada, and Estonia.

Ecava issued a customer notification that details this vulnerability and provides mitigation guidance to its customers. Ecava Sdn Bhd recommends users download and install the update, IntegraXor SCADA Server 4.1.4390, from their support Web site.

For additional information, click to see Ecava’s vulnerability note.



Leave a Reply

You must be logged in to post a comment.