CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.676 Medium
Percentile: 98.0%
Added: 04/19/2013
CVE: CVE-2013-0108
BID: 58134
OSVDB: 90583
Honeywell offers software solutions which integrate different systems and devices such as HVAC, security, safety, lighting, and energy into a common platform.
A vulnerability in multiple Honeywell products allows command execution when a user loads a malicious web page that calls the HscRemoteDeploy.dll ActiveX control with specially crafted parameters.
Contact Honeywell for an update.
<http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02A.pdf>
The exploit works on Honeywell HSCRemoteDeploy ActiveX 5.7.170.410 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn), and requires a user to open the exploit page in Internet Explorer 8 or 9.
Windows