SCADA Vulnerabilities in Ecava Line

Wednesday, June 1, 2011 @ 04:06 PM gHale


The Ecava IntegraXor SCADA product line suffers from an uncontrolled search path element (DLL hijacking) vulnerability and cross-site scripting (XSS) vulnerabilities, according to the Department of Homeland Security’s (DHS) Industrial Control System – Cyber Emergency Response Team (ICS-CERT).

ICS-CERT said the DLL hijacking vulnerability affects all IntegraXor versions prior to Version 3.60 (Build 4090). A successful exploit could lead to arbitrary code execution. An attacker may place a malicious DLL in a directory that is searched before the one containing the valid DLL. An attacker must have access to the computer’s file system to exploit this vulnerability.

An attacker requires a moderate skill level to exploit this vulnerability, according to ICS-CERT.
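As an added illustration (not code from ICS-CERT, Ecava or the original article), the following Python example audits an ordered DLL search path for the condition described above: a DLL in an earlier directory that takes precedence over a copy of the same name further down the path. The search order is supplied by the caller, and the directory and file names (app, system, helper.dll) are constructed sample values, not IntegraXor paths.

```python
import os
import tempfile

def find_shadowed_dlls(search_dirs):
    """Report DLL names found in more than one directory of an ordered search path.

    search_dirs is supplied by the caller (assumption: it mirrors the order the
    loader uses on the audited host). The first directory holding a name wins,
    so any later copy is shadowed and the earlier one deserves review.
    """
    first_seen = {}  # lowercased DLL name -> first directory that holds it
    findings = []
    for directory in search_dirs:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            key = name.lower()  # Windows file names are case-insensitive
            if not key.endswith(".dll"):
                continue
            if key not in first_seen:
                first_seen[key] = directory
            elif first_seen[key] != directory:
                findings.append({"dll": key,
                                 "loaded_from": first_seen[key],
                                 "shadowed_copy": directory})
    return findings

def writable_dirs(search_dirs):
    """Search-path directories the current account can write to."""
    return [d for d in search_dirs if os.path.isdir(d) and os.access(d, os.W_OK)]

def build_sample():
    """Constructed sample tree: an application dir searched before a system dir."""
    root = tempfile.mkdtemp(prefix="dllaudit_")
    app, system = os.path.join(root, "app"), os.path.join(root, "system")
    for d in (app, system):
        os.mkdir(d)
    for path in (os.path.join(system, "helper.dll"),   # expected copy
                 os.path.join(system, "other.dll"),    # no duplicate, not reported
                 os.path.join(app, "Helper.DLL")):     # same name, earlier directory
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real DLL")
    return [app, system]

if __name__ == "__main__":
    dirs = build_sample()
    for f in find_shadowed_dlls(dirs):
        print(f"{f['dll']}: loads from {f['loaded_from']}, shadows {f['shadowed_copy']}")
    print("writable search dirs:", writable_dirs(dirs))
```

A reported name is not proof of tampering, since applications sometimes ship private copies of a library; it marks files to verify, and any search-path directory that ordinary accounts can write to should have its permissions tightened.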

Ecava Sdn Bhd is a Malaysia-based software development company that provides the IntegraXor SCADA product. Ecava specializes in factory and process automation solutions. IntegraXor is a suite of tools used to create and run a web-based human-machine interface (HMI) for a SCADA system.

IntegraXor currently sees use in 38 countries, with the largest installation bases in the United Kingdom, United States, Australia, Poland, Canada, and Estonia.

ICS-CERT recommends users of Ecava IntegraXor take the following mitigation steps: Update IntegraXor to the latest version and install the latest patch 3.60 (Build 4090).

Ecava has developed and released a patch to mitigate the vulnerability.

For more information, contact Ecava support at support@integraxor.com or view Ecava’s security notes.

For the XSS vulnerabilities, ICS-CERT first received a report from an anonymous security researcher.

ICS-CERT worked with the researcher and Ecava to validate these vulnerabilities and Ecava developed a patch release of IntegraXor. The independent security researcher has validated this patch.

These vulnerabilities affect all IntegraXor versions prior to Version 3.60 (Build 4080). A successful exploit of these vulnerabilities can lead to arbitrary data leakage. IntegraXor is vulnerable to a reflective (nonpersistent) cross-site scripting vulnerability. An attacker may craft a custom URL that executes an arbitrary script. Using this vulnerability, an attacker injects malicious code directly into the user’s browsing session. Parameters pass back to the user without proper sanitization.

ICS-CERT recommends users of Ecava IntegraXor take the following mitigation steps: Update IntegraXor to the latest version and install the latest patch 3.60 (Build 4080).

Ecava has developed and released a patch to mitigate the vulnerability.


