IronMonkey Threat Research

CVE-2013-0108 MEDIUM

Published: 2013-02-24 | Last Modified: 2026-06-16 | Status: Modified

Description

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.

Additional Descriptions (1)

Vulnerability in the ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and the HMIWeb Browser client packages allows remote attackers to execute HTML code of their choice via a crafted HTML document.

CVSS Metrics

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Primary CWE-94 (en)

Affected Products

Vendor Product Version Update Type
honeywell enterprise_buildings_integrator r310 * Application
honeywell enterprise_buildings_integrator r400.2 * Application
honeywell enterprise_buildings_integrator r410.1 * Application
honeywell enterprise_buildings_integrator r410.2 * Application
honeywell symmetre r310 * Application
honeywell symmetre r400.2 * Application
honeywell symmetre r410.1 * Application
honeywell comfortpoint_open_manager_station r100 * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:honeywell:enterprise_buildings_integrator:r310:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:enterprise_buildings_integrator:r400.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.2:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:honeywell:symmetre:r310:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:symmetre:r400.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:honeywell:symmetre:r410.1:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:honeywell:comfortpoint_open_manager_station:r100:*:*:*:*:*:*:*
