Lucene search

IcscertCVE-2012-3018

HistoryJul 31, 2012 - 10:45 a.m.

CVE-2012-3018

2012-07-3110:45:42

CWE-310

icscert

web.nvd.nist.gov

iconics

genesis32

bizviz

security

lockout-recovery

encryption

authentication code

access restrictions

cve-2012-3018

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

Percentile

0.4%

JSON

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.

Affected configurations

Nvd

Node

iconicsgenesis32Range≤9.22

iconicsgenesis32Match8.05

iconicsgenesis32Match9.0

iconicsgenesis32Match9.1

iconicsgenesis32Match9.01

iconicsgenesis32Match9.2

iconicsgenesis32Match9.13

iconicsgenesis32Match9.20

iconicsgenesis32Match9.21

Node

iconicsbizvizRange≤9.22

iconicsbizvizMatch8.05

iconicsbizvizMatch9.0

iconicsbizvizMatch9.01

iconicsbizvizMatch9.1

iconicsbizvizMatch9.2

iconicsbizvizMatch9.13

iconicsbizvizMatch9.20

iconicsbizvizMatch9.21

VendorProductVersionCPE
iconicsgenesis32*cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:*
iconicsgenesis328.05cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*
iconicsgenesis329.0cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*
iconicsgenesis329.1cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*
iconicsgenesis329.01cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*
iconicsgenesis329.2cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*
iconicsgenesis329.13cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*
iconicsgenesis329.20cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*
iconicsgenesis329.21cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*
iconicsbizviz*cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iconics	genesis32	*	cpe:2.3:a:iconics:genesis32::::::::
iconics	genesis32	8.05	cpe:2.3:a:iconics:genesis32:8.05:::::::*
iconics	genesis32	9.0	cpe:2.3:a:iconics:genesis32:9.0:::::::*
iconics	genesis32	9.1	cpe:2.3:a:iconics:genesis32:9.1:::::::*
iconics	genesis32	9.01	cpe:2.3:a:iconics:genesis32:9.01:::::::*
iconics	genesis32	9.2	cpe:2.3:a:iconics:genesis32:9.2:::::::*
iconics	genesis32	9.13	cpe:2.3:a:iconics:genesis32:9.13:::::::*
iconics	genesis32	9.20	cpe:2.3:a:iconics:genesis32:9.20:::::::*
iconics	genesis32	9.21	cpe:2.3:a:iconics:genesis32:9.21:::::::*
iconics	bizviz	*	cpe:2.3:a:iconics:bizviz::::::::

Rows per page:

1-10 of 181

References

www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2012-3018