Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.
Fixes

Solution

A customer notification from Ecava has been issued that details this vulnerability and provides mitigation guidance to its customers. Ecava recommends users download and install the update, IntegraXor SCADA Server 4.1.4410, from their support web site:  http://www.integraxor.com/download/igsetup.msi?4.1.4410 For additional information, please see Ecava’s vulnerability note:  http://www.integraxor.com/blog/category/security/vulnerability-note/


Workaround

No workaround given by the vendor.

History

Thu, 25 Sep 2025 17:45:00 +0000

Type Values Removed Values Added
Title Ecava IntegraXor Information Exposure
Weaknesses CWE-200
References
Metrics cvssV2_0

{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}

cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-09-25T17:32:40.076Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0786

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-05-01T01:56:10.490

Modified: 2025-09-25T18:15:35.830

Link: CVE-2014-0786

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.