Ecava released a new version of its IntegraXor to mitigate a SQL injection vulnerability, according to an ICS-CERT report.
IntegraXor Versions 5.2.1231.0 and prior suffer from the remotely exploitable vulnerability, discovered by Brian Martin of Tenable Security, who also tested the patch.
Successful exploitation of this vulnerability may allow unauthenticated remote code execution.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage it.
The application fails to properly validate user input, which may allow an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.
CVE-2017-6050 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
The product is used in the critical manufacturing, energy, and water and wastewater systems sectors. It is deployed in the United Kingdom, United States, Australia, Poland, Canada, and Estonia.
Malaysia-based Ecava recommends users of affected IntegraXor versions update to version 6.0.522.1 or newer.