Category: Vulnerability Note

  • Security Issue for DLL Vulnerability Note

    Security researcher Praveen Darshanam have reported to IGX developer on a new DLL vulnerability via US-CERT. This is the second DLL vulnerability on top of previously found DLL hijack issues. The vulnerability is about replacing the genuine DLL files with malicious DLL files in program directory. IGX developers have patched the reported vulnerability and released […]

  • Account Information Disclosure Vulnerability Note

    Account Information Disclosure Vulnerability Note Security researcher Andrea Micalizzi aka rgod has disclosed information on a guest account information disclosure vulnerability in IntegraXor via ZDI (Zero Day Initiative), who in turn, coordinated the information with NCCIC/ICS-CERT. IGX developers have patched the reported vulnerability and the fix has been released in earlier release candidate build 4393. […]

  • Buffer Overflow Vulnerability Note

    Buffer Overflow Vulnerability Note Security researcher Luigi Auriemma has disclosed information on a buffer overflow vulnerability in IntegraXor. He presented this vulnerability at the S4 conference yesterday. We would like to thank ICS-CERT for notifying IGX development team accordingly. IGX developers have patched the reported vulnerability and released the fix on the same day the […]

  • Security Issue for Project Directory Information Disclosure Vulnerability Note

    Security researcher Alphazorx aka technically.screwed have reported via ZDI that a vulnerability may occur when a specially crafted URL could download certain files in the project directory. IGX developers have patched the reported vulnerability and released the fix on the following day. The fix has been included in latest Release which can be obained at […]

  • Security Issue for ActiveX enabled browser Vulnerability Note

    Security researcher Andrew Brooks have reported a vulnerability that may occur when a specially crafted HTML document is opened with ActiveX enabled browser, typically Microsoft I.E.. Successful exploitation may crash the said browser. This attack has no impact on IntegraXor SCADA server itself. IGX developers have taken proactive step to patch the reported vulnerability immediately […]