SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
NETWORK | LOW | NONE | PARTIAL | PARTIAL | PARTIAL |
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (ID 89)
Related CAPEC 6
Command Line Execution through SQL Injection (CAPEC-ID 108)
Object Relational Mapping Injection (CAPEC-ID 109)
SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110)
Expanding Control over the Operating System from the Database (CAPEC-ID 470)
SQL Injection (CAPEC-ID 66)
Blind SQL Injection (CAPEC-ID 7)