Lucene search
CertccCVE-2013-0108HistoryFeb 24, 2013 - 11:48 a.m.
CVE-2013-0108
2013-02-2411:48:21
CWE-94
certcc
web.nvd.nist.gov
44
activex control
hscremotedeploy.dll
honeywell ebi
symmetre
remote code execution
html document
security vulnerability
cve-2013-0108
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.911
Percentile
98.9%
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.
Affected configurations
Node
honeywellenterprise_buildings_integratorMatchr310
ORhoneywellenterprise_buildings_integratorMatchr400.2
ORhoneywellenterprise_buildings_integratorMatchr410.1
ORhoneywellenterprise_buildings_integratorMatchr410.2
Node
honeywellsymmetreMatchr310
ORhoneywellsymmetreMatchr400.2
ORhoneywellsymmetreMatchr410.1
Node
honeywellcomfortpoint_open_manager_stationMatchr100
| Vendor | Product | Version | CPE |
|---|---|---|---|
| honeywell | enterprise_buildings_integrator | r310 | cpe:2.3:a:honeywell:enterprise_buildings_integrator:r310:*:*:*:*:*:*:* |
| honeywell | enterprise_buildings_integrator | r400.2 | cpe:2.3:a:honeywell:enterprise_buildings_integrator:r400.2:*:*:*:*:*:*:* |
| honeywell | enterprise_buildings_integrator | r410.1 | cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.1:*:*:*:*:*:*:* |
| honeywell | enterprise_buildings_integrator | r410.2 | cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.2:*:*:*:*:*:*:* |
| honeywell | symmetre | r310 | cpe:2.3:a:honeywell:symmetre:r310:*:*:*:*:*:*:* |
| honeywell | symmetre | r400.2 | cpe:2.3:a:honeywell:symmetre:r400.2:*:*:*:*:*:*:* |
| honeywell | symmetre | r410.1 | cpe:2.3:a:honeywell:symmetre:r410.1:*:*:*:*:*:*:* |
| honeywell | comfortpoint_open_manager_station | r100 | cpe:2.3:a:honeywell:comfortpoint_open_manager_station:r100:*:*:*:*:*:*:* |
Related
packetstorm
packetstorm
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2013-03-11 00:00:00
openvas
openvas
Microsoft Windows ActiveX Control Multiple Vulnerabilities (2820197)
2013-05-21 00:00:00
checkpoint_advisories
checkpoint_advisories
saint
saint
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
2013-04-19 00:00:00
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
2013-04-19 00:00:00
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
2013-04-19 00:00:00
metasploit
metasploit
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2013-03-11 18:03:59
cvelist
cvelist
CVE-2013-0108
2013-02-24 11:00:00
zdt
zdt
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2013-03-12 00:00:00
threatpost
threatpost
Metasploit Module Released for Patched Honeywell ICS Vulnerability
2013-03-11 19:01:54
nvd
nvd
CVE-2013-0108
2013-02-24 11:48:21
exploitdb
exploitdb
Honeywell HSC Remote Deployer - ActiveX Remote Code Execution (Metasploit)
2013-03-13 00:00:00
prion
prion
Design/Logic Flaw
2013-02-24 11:48:00
nessus
nessus
MS KB2820197: Update Rollup for ActiveX Kill Bits
2013-05-15 00:00:00
seebug
seebug
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2014-07-01 00:00:00
ics
ics
Honeywell EBI, SymmetrE, and ComfortPoint Open Manager Station (Update A)
2018-09-06 12:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.911
Percentile
98.9%
Related for CVE-2013-0108