Ecava Integraxor SCADA Server CVE-2014-2375 Arbitrary File Read and Write Vulnerability

Bugtraq ID:	69767
Class:	Input Validation Error
CVE:	CVE-2014-2375
Remote:	Yes
Local:	No
Published:	Sep 11 2014 12:00AM
Updated:	Sep 11 2014 12:00AM
Credit:	Andrea Micalizzi
Vulnerable:	Ecava IntegraXor SCADA Server 4.1.4392 Ecava IntegraXor SCADA Server 4.1.4360
Not Vulnerable:

Ecava Integraxor SCADA Server CVE-2014-2375 Arbitrary File Read and Write Vulnerability

Ecava Integraxor SCADA Server is prone to a security vulnerability that allows remote attackers to read and write arbitrary files.

Successful exploits may allow an attacker to read and write arbitrary files in the context of the user running the affected application. This may aid in further attacks.

Ecava Integraxor SCADA Server CVE-2014-2375 Arbitrary File Read and Write Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Ecava Integraxor SCADA Server CVE-2014-2375 Arbitrary File Read and Write Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Ecava Integraxor SCADA Server CVE-2014-2375 Arbitrary File Read and Write Vulnerability

References:

• IntegraXor Homepage (Ecava )
  
• Advisory (ICSA-14-224-01) Ecava Integraxor SCADA Server Vulnerabilities (CERT)