Category: Vulnerability Note

  • DLL Hijacking when Open Malicious File – Vulnerability Note

    We have recently sent out newsletter informing the launch and promotion of V5, a very kind security researcher, John Carroll reported that a vulnerability issue was found in our License Manager. For those who have started using V5.1, you may have realized you can now do online license activation, as well as offline activation on […]

  • Multiple Security Issues Vulnerability Note

    Security researcher Marcus Richerson from San Diego State University have reported multiple security issues in his research. We are very thankful for his time spent especially on verifying the patches for many rounds. IGX developers have patched the reported vulnerabilities and released the fix over time. The complete fix has been included in latest Release […]

  • Security Issue for DLL Vulnerability Note

    Security researcher Praveen Darshanam have reported to IGX developer on a new DLL vulnerability via US-CERT. This is the second DLL vulnerability on top of previously found DLL hijack issues. The vulnerability is about replacing the genuine DLL files with malicious DLL files in program directory. IGX developers have patched the reported vulnerability and released […]

  • Account Information Disclosure Vulnerability Note

    Account Information Disclosure Vulnerability Note Security researcher Andrea Micalizzi aka rgod has disclosed information on a guest account information disclosure vulnerability in IntegraXor via ZDI (Zero Day Initiative), who in turn, coordinated the information with NCCIC/ICS-CERT. IGX developers have patched the reported vulnerability and the fix has been released in earlier release candidate build 4393. […]

  • Buffer Overflow Vulnerability Note

    Buffer Overflow Vulnerability Note Security researcher Luigi Auriemma has disclosed information on a buffer overflow vulnerability in IntegraXor. He presented this vulnerability at the S4 conference yesterday. We would like to thank ICS-CERT for notifying IGX development team accordingly. IGX developers have patched the reported vulnerability and released the fix on the same day the […]

  • Security Issue for Project Directory Information Disclosure Vulnerability Note

    Security researcher Alphazorx aka technically.screwed have reported via ZDI that a vulnerability may occur when a specially crafted URL could download certain files in the project directory. IGX developers have patched the reported vulnerability and released the fix on the following day. The fix has been included in latest Release which can be obained at […]

  • Security Issue for ActiveX enabled browser Vulnerability Note

    Security researcher Andrew Brooks have reported a vulnerability that may occur when a specially crafted HTML document is opened with ActiveX enabled browser, typically Microsoft I.E.. Successful exploitation may crash the said browser. This attack has no impact on IntegraXor SCADA server itself. IGX developers have taken proactive step to patch the reported vulnerability immediately […]

  • Security Issue XSS Vulnerability Note

    Web developers surely heard of acronym like HTML, CSS, JS, XML etc. But, what about XSS? It’s something a good boy never bother to know, until one day he’s been threaten so. As such we learned the details to defense ourselves, and all you need to do is to upgrade to the latest version to […]

  • Security Issue DLL Hijacking Vulnerability Note

    HD Moore of Metasploit published a blog about Exploiting DLL Hijacking Flaws on Sunday, August 22, 2010, and then almost everyone who use Windows are at risk, because you can easily spot one familiar application in the long list of applications that prone for this vulnerability, and IntegraXor is also affected for DLL Hijacking vulnerability. […]

  • Security Issue SQL Unauthenticated Vulnerability Note

    Earlier we announced that SQL vulnerability issue has been resolved by adding Read/Write security control onto database configuration, however the security researcher Dan Rosenberg from VSR claimed that the vulnerability is not fully patched. We were forced to put this issue aside as we have putting on hold too many other features request earlier, and […]

  • Security Issue 20101222-0700 Vulnerability Note

    SQL Authentication Vulnerability IntegraXor 3.6.4000.5 is now added with Read and Write level column to database table which allows user to configure security level for individual database entry. Now only user with security level higher than or equal to the read level can browse for trend and alarm data, and user with security level higher […]

  • IntegraXor 3.6 SCADA Security Issue 20101222-0323 Vulnerability Note

    Further to our earlier security note about buffer over flow, it seems the publication has drawn more interest from security researchers, Industrial Control System Cyber Emergency Team (ICS-CERT) has again contacted us on Directory Traversal attack. This vulnerability can be exploit by attacker to download files from the SCADA server. However, attack by deleting file […]

  • IntegraXor 3.5 SCADA Security Issue 20101006-0109 Vulnerability Note

    Earlier this October, the Industrial Control System Cyber Emergency Team (ICS-CERT), managed and operated by the United States Department of Homeland Security Control Systems Security Program, has received a report from an independent security researcher of a vulnerability in IntegraXor. ICS-CERT works in coordination with US-CERT, with a focus on control systems cyber security. Below […]