CVE-2014-0752

Ecava IntegraXor Exposure of Access Control List Files to an Unauthorized Control Sphere

Description

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.

Solution:

Ecava Sdn Bhd has issued a customer notification that details this vulnerability and provides mitigations to its customers. Ecava Sdn Bhd recommends users download and install the update, IntegraXor SCADA Server 4.1.4369, from their support Web site: http://www.integraxor.com/download/beta.msi?4.1.4369 For additional information, please see Ecava’s vulnerability note: http://www.integraxor.com/blog/category/security/vulnerability-note/

Link	Tags
http://www.integraxor.com/blog/category/security/vulnerability-note/	patch vendor advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-14-008-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01	patch us government resource

What is the severity of CVE-2014-0752?: CVE-2014-0752 has been scored as a high severity vulnerability.
How to fix CVE-2014-0752?: To fix CVE-2014-0752: Ecava Sdn Bhd has issued a customer notification that details this vulnerability and provides mitigations to its customers. Ecava Sdn Bhd recommends users download and install the update, IntegraXor SCADA Server 4.1.4369, from their support Web site: http://www.integraxor.com/download/beta.msi?4.1.4369 For additional information, please see Ecava’s vulnerability note: http://www.integraxor.com/blog/category/security/vulnerability-note/
Is CVE-2014-0752 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2014-0752 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2014-0752?: CVE-2014-0752 affects Ecava IntegraXor.