Details of VAR-201706-0471

ID

VAR-201706-0471

CVE

CVE-2017-6050

TITLE

Ecava IntegraXor SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-15807 // CNNVD: CNNVD-201706-882

DESCRIPTION

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IntegraXor versions 5.2.1231.0 and prior are vulnerable

Trust: 2.61

sources: NVD: CVE-2017-6050 // JVNDB: JVNDB-2017-005031 // CNVD: CNVD-2017-15807 // BID: 99164 // IVD: 0852aa5f-e070-4ad6-ab62-b472502a6b07

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0852aa5f-e070-4ad6-ab62-b472502a6b07 // CNVD: CNVD-2017-15807

AFFECTED PRODUCTS

vendor:	ecava	model:	integraxor	scope:	lte	version:	5.2.1231.0	Trust: 1.8
vendor:	ecava	model:	integraxor	scope:	eq	version:	5.2.1231.0	Trust: 0.9
vendor:	ecava	model:	integraxor	scope:	lte	version:	<=5.2.1231.0	Trust: 0.6
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4410	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4393	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	5.2.722.2	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	5.0.413.0	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	5.0	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4450	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4390	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4380	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4369	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4360	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.1.4340	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	4.00	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.72	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.71.4200	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.71	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60.4061	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60.4050	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60.4032	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.60	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.6.4000.5	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.6.4000.0	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.4000.5	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.3900.5	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5.3900.10	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	eq	version:	3.5	Trust: 0.3
vendor:	ecava	model:	integraxor	scope:	ne	version:	6.0.522.1	Trust: 0.3
vendor:	integraxor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 0852aa5f-e070-4ad6-ab62-b472502a6b07 // CNVD: CNVD-2017-15807 // BID: 99164 // JVNDB: JVNDB-2017-005031 // CNNVD: CNNVD-201706-882 // NVD: CVE-2017-6050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6050
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6050
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-15807
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201706-882
value:	HIGH
Trust: 0.6
IVD:	0852aa5f-e070-4ad6-ab62-b472502a6b07
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-6050
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-15807
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0852aa5f-e070-4ad6-ab62-b472502a6b07
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-6050
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 0852aa5f-e070-4ad6-ab62-b472502a6b07 // CNVD: CNVD-2017-15807 // JVNDB: JVNDB-2017-005031 // CNNVD: CNNVD-201706-882 // NVD: CVE-2017-6050

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2017-005031 // NVD: CVE-2017-6050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-882

TYPE

SQL injection

Trust: 0.8

sources: IVD: 0852aa5f-e070-4ad6-ab62-b472502a6b07 // CNNVD: CNNVD-201706-882

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005031

PATCH

title:	Top Page	url:	https://www.integraxor.com/	Trust: 0.8
title:	Ecava IntegraXor SQL Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/98489	Trust: 0.6
title:	Ecava IntegraXor SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71126	Trust: 0.6

sources: CNVD: CNVD-2017-15807 // JVNDB: JVNDB-2017-005031 // CNNVD: CNNVD-201706-882

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6050	Trust: 3.5
db:	ICS CERT	id:	ICSA-17-171-01	Trust: 3.3
db:	BID	id:	99164	Trust: 2.5
db:	TENABLE	id:	TRA-2017-24	Trust: 1.0
db:	CNVD	id:	CNVD-2017-15807	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-882	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005031	Trust: 0.8
db:	NSFOCUS	id:	36941	Trust: 0.6
db:	IVD	id:	0852AA5F-E070-4AD6-AB62-B472502A6B07	Trust: 0.2

sources: IVD: 0852aa5f-e070-4ad6-ab62-b472502a6b07 // CNVD: CNVD-2017-15807 // BID: 99164 // JVNDB: JVNDB-2017-005031 // CNNVD: CNNVD-201706-882 // NVD: CVE-2017-6050

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-171-01	Trust: 3.3
url:	http://www.securityfocus.com/bid/99164	Trust: 1.6
url:	https://www.tenable.com/security/research/tra-2017-24	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6050	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6050	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36941	Trust: 0.6
url:	https://www.integraxor.com/	Trust: 0.3

sources: CNVD: CNVD-2017-15807 // BID: 99164 // JVNDB: JVNDB-2017-005031 // CNNVD: CNNVD-201706-882 // NVD: CVE-2017-6050

CREDITS

Brian Martin of Tenable Security

Trust: 0.9

sources: BID: 99164 // CNNVD: CNNVD-201706-882

SOURCES

db:	IVD	id:	0852aa5f-e070-4ad6-ab62-b472502a6b07
db:	CNVD	id:	CNVD-2017-15807
db:	BID	id:	99164
db:	JVNDB	id:	JVNDB-2017-005031
db:	CNNVD	id:	CNNVD-201706-882
db:	NVD	id:	CVE-2017-6050

LAST UPDATE DATE

2025-04-20T23:13:05.739000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-15807	date:	2017-07-21T00:00:00
db:	BID	id:	99164	date:	2017-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-005031	date:	2017-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201706-882	date:	2017-06-22T00:00:00
db:	NVD	id:	CVE-2017-6050	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	0852aa5f-e070-4ad6-ab62-b472502a6b07	date:	2017-07-21T00:00:00
db:	CNVD	id:	CNVD-2017-15807	date:	2017-07-21T00:00:00
db:	BID	id:	99164	date:	2017-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-005031	date:	2017-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201706-882	date:	2017-06-21T00:00:00
db:	NVD	id:	CVE-2017-6050	date:	2017-06-21T19:29:00.337