CVE-2013-3075

2022-10-0316:14:44

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-3075

actuwzd.dll

buffer overflows

mitsubishi mx component 3

citect citectfacilities

citectscada

nvd

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.077 Low

EPSS

Percentile

94.2%

JSON

Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.

Affected configurations

NVD

Node

mitsubishi-automationmitsubishi_mx_componentMatch3

schneider-electriccitectfacilitiesMatch7.10

schneider-electriccitectscadaMatch7.10r1

CPENameOperatorVersion
mitsubishi-automation:mitsubishi_mx_componentmitsubishi-automation mitsubishi mx componenteq3
schneider-electric:citectfacilitiesschneider-electric citectfacilitieseq7.10
schneider-electric:citectscadaschneider-electric citectscadaeq7.10

CPE	Name	Operator	Version
mitsubishi-automation:mitsubishi_mx_component	mitsubishi-automation mitsubishi mx component	eq	3
schneider-electric:citectfacilities	schneider-electric citectfacilities	eq	7.10
schneider-electric:citectscada	schneider-electric citectscada	eq	7.10