ecava CVE Vulnerabilities & Metrics

Focus on ecava vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About ecava Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ecava. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total ecava CVEs: 13
Earliest CVE date: 23 Dec 2010, 18:00 UTC
Latest CVE date: 20 Dec 2017, 19:29 UTC

Latest CVE reference: CVE-2017-16735

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ecava CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.45

Max CVSS: 10.0

Critical CVEs (≥9): 4

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	15
7.0-8.9	7
9.0-10.0	4

CVSS Distribution Chart

Top 5 Highest CVSS ecava CVEs

These are the five CVEs with the highest CVSS scores for ecava, sorted by severity first and recency.

CVE-2010-4597 ecava Published on 23 Dec 2010, 18:00 UTC (CVSS: 10.0)
Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.
CVE-2012-4700 ecava Published on 08 Feb 2013, 05:50 UTC (CVSS: 9.3)
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.
CVE-2012-0246 ecava Published on 02 Apr 2012, 10:46 UTC (CVSS: 9.3)
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server.
CVE-2014-2375 ecava Published on 15 Sep 2014, 14:55 UTC (CVSS: 9.0)
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.
CVE-2016-2306 ecava Published on 22 Apr 2016, 00:59 UTC (CVSS: 7.8)
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.

All CVEs for ecava

CVE-2017-16735 ecava vulnerability CVSS: 5.0 20 Dec 2017, 19:29 UTC

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

CVE-2017-16733 ecava vulnerability CVSS: 5.0 20 Dec 2017, 19:29 UTC

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.

CVE-2017-6050 ecava vulnerability CVSS: 7.5 21 Jun 2017, 19:29 UTC

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.

CVE-2016-8341 ecava vulnerability CVSS: 7.5 13 Feb 2017, 21:59 UTC

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.

CVE-2016-2306 ecava vulnerability CVSS: 7.8 22 Apr 2016, 00:59 UTC

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.

CVE-2016-2305 ecava vulnerability CVSS: 4.3 22 Apr 2016, 00:59 UTC

Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2016-2304 ecava vulnerability CVSS: 4.3 22 Apr 2016, 00:59 UTC

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2016-2303 ecava vulnerability CVSS: 5.0 22 Apr 2016, 00:59 UTC

CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVE-2016-2302 ecava vulnerability CVSS: 5.0 22 Apr 2016, 00:59 UTC

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.

CVE-2016-2301 ecava vulnerability CVSS: 6.5 22 Apr 2016, 00:59 UTC

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2016-2300 ecava vulnerability CVSS: 6.4 22 Apr 2016, 00:59 UTC

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.

CVE-2016-2299 ecava vulnerability CVSS: 7.5 22 Apr 2016, 00:59 UTC

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2015-0990 ecava vulnerability CVSS: 4.4 03 Apr 2015, 10:59 UTC

Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.

CVE-2014-2377 ecava vulnerability CVSS: 5.0 15 Sep 2014, 14:55 UTC

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-2376 ecava vulnerability CVSS: 7.5 15 Sep 2014, 14:55 UTC

SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2375 ecava vulnerability CVSS: 9.0 15 Sep 2014, 14:55 UTC

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-0786 ecava vulnerability CVSS: 5.0 01 May 2014, 01:56 UTC

Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.

CVE-2014-0753 ecava vulnerability CVSS: 7.8 21 Jan 2014, 01:55 UTC

Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.

CVE-2014-0752 ecava vulnerability CVSS: 5.0 09 Jan 2014, 18:07 UTC

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.

CVE-2012-4700 ecava vulnerability CVSS: 9.3 08 Feb 2013, 05:50 UTC

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.

CVE-2012-0246 ecava vulnerability CVSS: 9.3 02 Apr 2012, 10:46 UTC

Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server.

CVE-2011-2958 ecava vulnerability CVSS: 4.3 28 Jul 2011, 18:55 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2011-1562 ecava vulnerability CVSS: 7.5 05 Apr 2011, 15:19 UTC

Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.

CVE-2010-4599 ecava vulnerability CVSS: 6.9 23 Dec 2010, 18:00 UTC

Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-4598 ecava vulnerability CVSS: 5.0 23 Dec 2010, 18:00 UTC

Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.

CVE-2010-4597 ecava vulnerability CVSS: 10.0 23 Dec 2010, 18:00 UTC

Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.