IronMonkey Threat Research

CVE-2012-0254 HIGH

Published: 2012-09-08 | Last Modified: 2026-06-16 | Status: Modified

Description

Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Additional Descriptions (1)

Buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute code via unspecified vectors.

CVSS Metrics

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Primary CWE-787 (en)

Affected Products

Vendor Product Version Update Type
honeywell enterprise_building_manager r400 * Application
honeywell enterprise_building_manager r410.1 * Application
honeywell experion r200 * Application
honeywell experion r300 * Application
honeywell experion r310 * Application
honeywell experion r400.0 * Application
honeywell symmetre r410.1 * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:honeywell:enterprise_building_manager:r400:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:enterprise_building_manager:r410.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:experion:r200:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:experion:r300:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:experion:r310:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:experion:r400.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:symmetre:r410.1:*:*:*:*:*:*:*

References
