Skip to main content

Integraxor CVE-2016-2302

MEDIUM
Information Exposure (CWE-200)
2016-04-22 ics-cert@hq.dhs.gov
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 22, 2016 - 00:59 cve.org
MEDIUM 5.3

DescriptionCVE.org

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.

AnalysisAI

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Affected products include: Ecava Integraxor. Version information: before 5.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2012-4700 CRITICAL
9.3 Feb 08

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier

CVE-2017-6050 CRITICAL
9.8 Jun 21

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. Rated critical severity (CVSS 9.

CVE-2016-8341 CRITICAL
9.8 Feb 13

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2012-0246 CRITICAL
9.3 Apr 02

Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote a

CVE-2014-0753 HIGH
7.8 Jan 21

Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a d

CVE-2014-2375 HIGH
8.3 Sep 15

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read

CVE-2014-0752 HIGH
7.5 Jan 09

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via

CVE-2014-0786 HIGH
7.5 May 01

Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via S

CVE-2016-2306 HIGH
7.5 Apr 22

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext infor

CVE-2016-2299 HIGH
7.3 Apr 22

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL c

CVE-2014-2376 HIGH
7.5 Sep 15

SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier a

CVE-2016-2300 MEDIUM
6.5 Apr 22

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages

Share

CVE-2016-2302 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy