IntegraXor 3.6 SCADA Security Issue 20101222-0323 Vulnerability Note
Further to our earlier security note about a buffer overflow, the publication seems to have drawn more interest from security researchers: the Industrial Control System Cyber Emergency Team (ICS-CERT) has contacted us again, this time about a Directory Traversal attack. This vulnerability can be exploited by an attacker to download files from the SCADA server. Deleting files through this attack is not possible, but we still took immediate action to patch this security issue in our latest official release, 3.6.4000.1. It can be obtained from our download link at http://www.integraxor.com/download/igsetup.msi. We urge our users, especially those who open their SCADA for Internet access, to upgrade to this latest version. In the meantime, please move any sensitive or confidential files away from the said SCADA server.
We take this opportunity to wish everyone Merry Christmas and Happy New Year!
Summary of Event
- 22-Dec-2010: ICS-CERT contacted the IntegraXor support team.
- 22-Dec-2010: Technical report for the vulnerability is received.
- 22-Dec-2010: Security fix is issued as an official release for general download.
- 24-Dec-2010: Public announcement is made by IntegraXor support team.
- 24-Dec-2010: Security researcher Luigi Auriemma confirmed the vulnerability issue has been fixed.