19 matches found
CVE-2012-3018
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...
CVE-2012-3018
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...
Design/Logic Flaw
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...
CVE-2012-3018
CVE-2012-3018 affects ICONICS GENESIS32 (<= 9.22) and BizViz (
CVE-2012-3018
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...
ICONICS GENESIS32/BizViz Security Configurator Authentication Bypass Vulnerability
Overview Dr. Wesley McGrew of Mississippi State University has identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications, specifically in the Security Configurator component. This vulnerability allows an attacker to bypass...
CVE-2011-5088
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy...
CVE-2011-5089
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long password...
CVE-2011-5089
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long password...
Buffer overflow
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long password...
CVE-2011-5088
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy...
CVE-2011-5089
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long password...
CVE-2011-5089
The CVE-2011-5089 issue affects ICONICS GENESIS32 (versions 8.05, 9.0, 9.1, 9.2) and BizViz (8.05, 9.0, 9.1, 9.2). It is caused by a buffer overflow in the Security Login ActiveX controls that can be triggered by a long password, allowing remote attackers to cause a denial of service (application...
CVE-2011-5088
The CVE covers the ICONICS GENESIS32/ BizViz SetTrustedZone vulnerability in the IcoSetServer ActiveX control (GENESIS32 9.21, BizViz 9.21). The issue arises when trusted zone policy is configured from user input, allowing a crafted website to trigger remote code execution through the WebHMI/Work...
CVE-2011-2089
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE...
Stack overflow
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE...
CVE-2011-2089
Summary of CVE-2011-2089 (ICONICS WebHMI / BizViz / GENESIS32) : A stack-based buffer overflow in the GenVersion.dll VersionInfo ActiveX control (SetActiveXGUID) allows remote code execution via a long string argument. Affected: ICONICS BizViz 9.x (before 9.22) and GENESIS32 9.x (before 9.22) wit...
Serious SCADA Security Flaw Affects Critical Infrastructure Firms
The U.S.’s Computer Emergency Response Team CERT issued a warning to critical infrastructure firms on Wednesday about a serious security hole in products from Massachusetts firm Iconics that could leave critical systems vulnerable to remote attacks. U.S. companies in the electricity, oil and gas,...
ICONICS Login ActiveX Vulnerability
Overview ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning a vulnerability that affects ICONICS GENESIS32 and BizViz products. This vulnerability includes a crash in the Security Login controls used by GENESIS32 due to a buffer overflow...