Ecava Patches IntegraXor DLL Holes

Wednesday, April 1, 2015 @ 02:04 PM gHale

Ecava created a patch that mitigates two DLL loading vulnerabilities in its IntegraXor SCADA Server, according to a report on ICS-CERT.

Praveen Darshanam, the researcher who discovered the holes, tested the patch to validate that it resolves the vulnerabilities.

Versions of IntegraXor SCADA Server prior to Version 4.2.4488 suffer from the issues.

Loading and executing an insecure DLL is equivalent to running malicious code at the privilege level of the application that uses the DLL.

Ecava Sdn Bhd (Ecava) is a Malaysia-based software development company that provides the IntegraXor SCADA product. Ecava specializes in factory and process automation solutions.

The affected product, IntegraXor, is a suite of tools used to create and run a web-based human machine interface for a SCADA system. IntegraXor sees action across several sectors including critical manufacturing, energy, and water and wastewater systems. Ecava estimates this product is used in 38 countries, with the largest installations based in the United Kingdom, the United States, Australia, Poland, Canada, and Estonia.

An attacker could rename a malicious DLL to meet the criteria of the applications, and the applications would not verify the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by either application, the DLL could run malicious code at the privilege level of the application.
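
Because the applications do not verify the DLLs they load, a defender can run that check from outside by comparing the install directory against a known-good hash manifest. The following is an added example, not part of the ICS-CERT report or Ecava's patch; the manifest format and all file names are constructed placeholders, not real IntegraXor files.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_dlls(install_dir, manifest):
    """Compare DLLs under install_dir with manifest {lowercase relative path: sha256 hex}."""
    # Windows file names are case-insensitive, so paths are compared lowercased.
    report = {"unexpected": [], "modified": [], "missing": []}
    seen = set()
    for path in sorted(install_dir.rglob("*")):
        if not path.is_file() or path.suffix.lower() != ".dll":
            continue
        rel = path.relative_to(install_dir).as_posix().lower()
        seen.add(rel)
        expected = manifest.get(rel)
        if expected is None:
            report["unexpected"].append(rel)   # DLL the vendor build never shipped
        elif sha256_of(path) != expected.lower():
            report["modified"].append(rel)     # expected name, different content
    report["missing"] = sorted(set(manifest) - seen)
    return report


def demo():
    """Constructed sample data: placeholder names, built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugins").mkdir()
        (root / "Example_Core.dll").write_bytes(b"vendor build A")
        (root / "plugins" / "example_io.dll").write_bytes(b"vendor build B")
        manifest = {p.relative_to(root).as_posix().lower(): sha256_of(p)
                    for p in root.rglob("*.dll")}
        manifest["example_gone.dll"] = "0" * 64             # listed but never installed
        (root / "plugins" / "example_io.dll").write_bytes(b"replaced content")
        (root / "example_extra.dll").write_bytes(b"not in manifest")
        return audit_dlls(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest has to be generated from a trusted copy of the patched release and stored where an administrator of the monitored host cannot rewrite it, since the attacker described above already has write access to the install location.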

CVE-2015-0990 is the case number assigned to these vulnerabilities, which have a CVSS v2 base score of 6.8.

These vulnerabilities are not exploitable remotely without user interaction. These exploits only trigger when a local user runs the vulnerable application after loading the malicious DLL file.

No known public exploits specifically target these vulnerabilities.

Crafting a working exploit for these vulnerabilities would be difficult. Social engineering is required to convince the user to load the malicious DLL file. Additional user interaction would be mandatory to load the malformed file. This decreases the likelihood of a successful exploit.

Ecava recommends users download and install the patch.