CVE-2011-1562 - OpenCVE

Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ecava	Integraxor

Configuration 1 [-]

cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/44105
http://twitter.com/#%21/djrbliss/status/50685527749431296
http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note
http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note
http://www.securityfocus.com/bid/47019
http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf
http://www.vupen.com/english/advisories/2011/0761
https://exchange.xforce.ibmcloud.com/vulnerabilities/66306

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-04-05T15:00:00

Updated: 2024-08-06T22:28:41.871Z

Reserved: 2011-04-05T00:00:00

Link: CVE-2011-1562

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-04-05T15:19:35.587

Modified: 2023-11-07T02:07:02.980

Link: CVE-2011-1562

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-11T00:00:00", "descriptions": [{"lang": "en", "value": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "44105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44105"}, {"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note"}, {"name": "47019", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47019"}, {"name": "ADV-2011-0761", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0761"}, {"tags": ["x_refsource_MISC"], "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296"}, {"name": "integraxor-unspecified-sql-injection(66306)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1562", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "44105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44105"}, {"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf"}, {"name": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note"}, {"name": "47019", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47019"}, {"name": "ADV-2011-0761", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0761"}, {"name": "http://twitter.com/#!/djrbliss/status/50685527749431296", "refsource": "MISC", "url": "http://twitter.com/#!/djrbliss/status/50685527749431296"}, {"name": "integraxor-unspecified-sql-injection(66306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306"}, {"name": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note", "refsource": "CONFIRM", "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.871Z"}, "title": "CVE Program Container", "references": [{"name": "44105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44105"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note"}, {"name": "47019", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47019"}, {"name": "ADV-2011-0761", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0761"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296"}, {"name": "integraxor-unspecified-sql-injection(66306)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1562", "datePublished": "2011-04-05T15:00:00", "dateReserved": "2011-04-05T00:00:00", "dateUpdated": "2024-08-06T22:28:41.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ecava:integraxor:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B12B7DF-7978-4188-9F07-9AA8A345911E", "versionEndIncluding": "3.60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate."}, {"lang": "es", "value": "Ecava IntegraXor HMI antes de v3.60 (Build 4032) permite a atacantes remotos evitar la autenticaci\u00f3n y ejecutar comandos SQL a trav\u00e9s de vectores no especificados relacionados con una solicitud POST manipulada. NOTA: algunas fuentes han informado de este problema como la inyecci\u00f3n SQL, pero esto podr\u00eda no ser exacta."}], "id": "CVE-2011-1562", "lastModified": "2023-11-07T02:07:02.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-05T15:19:35.587", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/44105"}, {"source": "cve@mitre.org", "url": "http://twitter.com/#%21/djrbliss/status/50685527749431296"}, {"source": "cve@mitre.org", "url": "http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47019"}, {"source": "cve@mitre.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0761"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66306"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}