Overview
Ecava IntegraXor contains a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow the execution of arbitrary code.
Description
According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor is vulnerable to a stack-based buffer overflow when more than 1024 bytes are written to the fixed-size stack buffer. When an exploit sends a request greater than 1024 bytes, IntegraXor writes past the buffer bounds and corrupts memory, allowing execution of arbitrary code. |
Impact
An attacker can cause the device to crash and may be able to execute arbitrary code. |
Solution
Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Jeremy Brown for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
| CVE IDs: | None |
| Severity Metric: | 21.83 |
| Date Public: | 2010-12-16 |
| Date First Published: | 2010-12-17 |
| Date Last Updated: | 2010-12-21 18:35 UTC |
| Document Revision: | 19 |