Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:7117218705B97608799F6075169920BA
HistoryApr 19, 2013 - 12:00 a.m.

Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability

2013-04-1900:00:00
SAINT Corporation
download.saintcorporation.com
30

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.676 Medium

EPSS

Percentile

98.0%

JSON

Added: 04/19/2013
CVE: CVE-2013-0108
BID: 58134
OSVDB: 90583

Background

Honeywell offers software solutions which integrate different systems and devices such as HVAC, security, safety, lighting, and energy into a common platform.

Problem

A vulnerability in multiple Honeywell products allows command execution when a user loads a malicious web page which calls the HscRemoteDeploy.dll ActiveX control with specially crafted parameters.

Resolution

Contact Honeywell for an update.

References

<http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02A.pdf&gt;

Limitations

Exploit works on Honeywell HSCRemoteDeploy ActiveX 5.7.170.410 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn) and requires a user to open the exploit page in Internet Explorer 8 or 9.

Platforms

Windows

Related

packetstorm 1
openvas 1
checkpoint_advisories 1
cve 1
zdt 1
threatpost 1
nvd 1
cvelist 1
saint 3
metasploit 1
nessus 1
seebug 1
prion 1
ics 1
exploitdb 1
packetstorm
packetstorm
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2013-03-11 00:00:00
openvas
openvas
Microsoft Windows ActiveX Control Multiple Vulnerabilities (2820197)
2013-05-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Honeywell Multiple Products HscRemoteDeploy.dll ActiveX Control Code Execution (CVE-2013-0108)
2013-05-07 00:00:00
cve
cve
CVE-2013-0108
2022-10-03 16:15:03
zdt
zdt
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2013-03-12 00:00:00
threatpost
threatpost
Metasploit Module Released for Patched Honeywell ICS Vulnerability
2013-03-11 19:01:54
nvd
nvd
CVE-2013-0108
2013-02-24 11:48:21
cvelist
cvelist
CVE-2013-0108
2022-10-03 16:15:03
saint
saint
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
2013-04-19 00:00:00
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
2013-04-19 00:00:00
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
2013-04-19 00:00:00
metasploit
metasploit
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2013-03-11 18:03:59
nessus
nessus
MS KB2820197: Update Rollup for ActiveX Kill Bits
2013-05-15 00:00:00
seebug
seebug
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2013-02-24 11:48:00
ics
ics
Honeywell EBI, SymmetrE, and ComfortPoint Open Manager Station (Update A)
2018-09-06 12:00:00
exploitdb
exploitdb
Honeywell HSC Remote Deployer - ActiveX Remote Code Execution (Metasploit)
2013-03-13 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.676 Medium

EPSS

Percentile

98.0%

JSON
Related for SAINT:7117218705B97608799F6075169920BA
packetstorm1openvas1checkpoint_advisories1cve1zdt1threatpost1nvd1cvelist1saint3metasploit1nessus1seebug1prion1ics1exploitdb1