PatchSiren

CVE-2016-8341 Ecava CVE debrief

CVE-2016-8341 is a critical SQL injection vulnerability affecting Ecava IntegraXor version 5.0.413.0. NVD classifies the issue as remotely exploitable with no privileges or user interaction required, and the weakness is mapped to CWE-89. Because the vulnerable web server parameters may allow database read, write, and delete operations when input is not sanitized, affected deployments should treat this as a high-priority exposure, especially in ICS/OT environments.

Vendor: Ecava
Product: CVE-2016-8341
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Administrators and operators of Ecava IntegraXor 5.0.413.0, ICS/OT defenders, web application maintainers, and anyone responsible for the connected database behind an IntegraXor deployment.

Technical summary

NVD lists Ecava IntegraXor 5.0.413.0 as vulnerable and describes the issue as SQL injection in web server parameters. The recorded CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating remote exploitation without authentication or user interaction and potential full impact to confidentiality, integrity, and availability. The weakness is identified as CWE-89 (SQL Injection).

Defensive priority

Immediate. The combination of network reachability, no required privileges, and high-impact database effects makes this a critical remediation item for any exposed deployment.

Recommended defensive actions

  • Identify whether Ecava IntegraXor 5.0.413.0 is deployed anywhere in your environment, including segmented OT networks.
  • Apply vendor or advisory guidance referenced by NVD and ICS-CERT as soon as possible, and replace vulnerable versions with a fixed release if one is available.
  • Restrict network access to the IntegraXor web server to trusted management paths only until remediation is complete.
  • Review application input handling and database query paths for unsanitized parameters that could enable SQL injection.
  • Monitor database and web server logs for unusual query patterns, failed requests, or unexpected write/delete activity.
  • If exposure is confirmed, assess connected database accounts and rotate credentials as part of incident hardening.

Evidence notes

The supplied NVD record states that Ecava IntegraXor 5.0.413.0 is vulnerable and assigns CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with CWE-89. NVD references a SecurityFocus BID entry and an ICS-CERT advisory (ICSA-17-031-02), which supports that mitigation guidance exists in official/third-party advisory material. No fixed version details were provided in the supplied corpus, so remediation specifics should be verified against the linked advisory and vendor guidance.

Official resources

CVE-2016-8341 was published by NVD on 2017-02-13. The supplied record later shows a modified timestamp of 2026-05-13, but that is not the issue date.