CVE-2012-0254 HIGH

Published: 2012-09-08 | Last Modified: 2026-06-16 | Status: Modified

Description

Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Additional Descriptions (1)

Desbordamiento de búfer en el control ActiveX HMIWeb Browser HSCDSPRenderDLL en Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, y R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 y R410.1; y Honeywell Environmental Combustion y Controls (ECC) SymmetrE R410.1 permite a atacantes remotos a ejecutar código a través de vectores no especificados.

CVSS Metrics

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-787

Affected Products

Vendor	Product	Version	Update	Type
honeywell	enterprise_building_manager	r400	<built-in method update of dict object at 0x7c3c40dd5ac0>	Application
honeywell	enterprise_building_manager	r410.1	<built-in method update of dict object at 0x7c3c476bf280>	Application
honeywell	experion	r200	<built-in method update of dict object at 0x7c3c477f6e00>	Application
honeywell	experion	r300	<built-in method update of dict object at 0x7c3bf3b2f440>	Application
honeywell	experion	r310	<built-in method update of dict object at 0x7c3c477e4580>	Application
honeywell	experion	r400.0	<built-in method update of dict object at 0x7c3bf3a1edc0>	Application
honeywell	symmetre	r410.1	<built-in method update of dict object at 0x7c3c476bf940>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:honeywell:enterprise_building_manager:r400:::::::*`
Yes	`cpe:2.3:a:honeywell:enterprise_building_manager:r410.1:::::::*`
Yes	`cpe:2.3:a:honeywell:experion:r200:::::::*`
Yes	`cpe:2.3:a:honeywell:experion:r300:::::::*`
Yes	`cpe:2.3:a:honeywell:experion:r310:::::::*`
Yes	`cpe:2.3:a:honeywell:experion:r400.0:::::::*`
Yes	`cpe:2.3:a:honeywell:symmetre:r410.1:::::::*`

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf
Source: [email protected]

Third Party Advisory US Government Resource
https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx
Source: [email protected]

Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory