Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0108

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2013-0108
Last Modified 25 Feb 2013 12:00:00
Published 24 Feb 2013 06:48:21
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0108

Summary

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.

Vulnerable Systems

Application

  • Honeywell Comfortpoint Open Manager Station R100

  • Honeywell Enterprise Buildings Integrator R310

  • Honeywell Enterprise Buildings Integrator R400.2

  • Honeywell Enterprise Buildings Integrator R410.1

  • Honeywell Enterprise Buildings Integrator R410.2

  • Honeywell Symmetre R310

  • Honeywell Symmetre R400.2

  • Honeywell Symmetre R410.1


References

MISC - http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf


Last Updated: 27 May 2016 11:01:56