The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
Advisories
Source ID Title
EUVD EUVD EUVD-2014-0783 The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
Fixes

Solution

Ecava Sdn Bhd has issued a customer notification that details this vulnerability and provides mitigations to its customers. Ecava Sdn Bhd recommends users download and install the update, IntegraXor SCADA Server 4.1.4369, from their support Web site:  http://www.integraxor.com/download/beta.msi?4.1.4369 For additional information, please see Ecava’s vulnerability note:  http://www.integraxor.com/blog/category/security/vulnerability-note/


Workaround

No workaround given by the vendor.

History

Fri, 22 Aug 2025 23:00:00 +0000

Type Values Removed Values Added
Title Ecava IntegraXor Exposure of Access Control List Files to an Unauthorized Control Sphere
Weaknesses CWE-529
References
Metrics cvssV2_0

{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}

cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-08-22T22:53:01.252Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0752

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-01-09T18:07:26.597

Modified: 2025-08-22T23:15:30.423

Link: CVE-2014-0752

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.