All the vulnerabilities related to iconics - genesis32
cve-2011-5088
Vulnerability from cvelistv5
Published
2012-04-18 17:00
Modified
2024-09-17 04:18
Severity ?
Summary
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-04-18T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5088",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5088",
    "datePublished": "2012-04-18T17:00:00Z",
    "dateReserved": "2012-04-18T00:00:00Z",
    "dateUpdated": "2024-09-17T04:18:54.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3018
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-09-16 19:57
Severity ?
Summary
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:50:05.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-07-31T10:00:00Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2012-3018",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2012-3018",
    "datePublished": "2012-07-31T10:00:00Z",
    "dateReserved": "2012-05-30T00:00:00Z",
    "dateUpdated": "2024-09-16T19:57:03.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12011
Vulnerability from cvelistv5
Published
2020-07-16 18:53
Modified
2024-08-04 11:48
Severity ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
Impacted products
Vendor Product Version
n/a MC Works32 Version: Version 3.00A (9.50.255.02)
n/a ICONICS  GenBroker64, Platform Services, Workbench, FrameWorX Server Version: v10.96 and prior
n/a GenBroker32 Version: v9.5 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mitsubishi Electric MC Works64",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 4.02C (10.95.208.31) and earlier"
            },
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "MC Works32",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.00A (9.50.255.02)"
            }
          ]
        },
        {
          "product": "ICONICS\u00a0 GenBroker64, Platform Services, Workbench, FrameWorX Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v10.96 and prior"
            }
          ]
        },
        {
          "product": "GenBroker32",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v9.5 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "OUT-OF-BOUNDS WRITE CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T18:53:05",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mitsubishi Electric MC Works64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 4.02C (10.95.208.31) and earlier"
                          },
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MC Works32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.00A (9.50.255.02)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICONICS\u00a0 GenBroker64, Platform Services, Workbench, FrameWorX Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v10.96 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GenBroker32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v9.5 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OUT-OF-BOUNDS WRITE CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12011",
    "datePublished": "2020-07-16T18:53:05",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0758
Vulnerability from cvelistv5
Published
2014-02-24 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-24T02:57:00",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0758",
    "datePublished": "2014-02-24T02:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2024-08-06T09:27:19.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12015
Vulnerability from cvelistv5
Published
2020-07-16 21:30
Modified
2024-08-04 11:48
Severity ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Impacted products
Vendor Product Version
Mitsubishi Electric MC Works32 Version: version 3.00A (9.50.255.02)
ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server Version: version 10.96 and prior
ICONICS GenBroker32 Version: version 9.5 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.02C (10.95.208.31) and earlier"
            },
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "MC Works32",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "version 3.00A (9.50.255.02)"
            }
          ]
        },
        {
          "product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "version 10.96 and prior"
            }
          ]
        },
        {
          "product": "GenBroker32",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "version 9.5 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T21:30:43",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MC Works64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 4.02C (10.95.208.31) and earlier"
                          },
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MC Works32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 3.00A (9.50.255.02)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 10.96 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GenBroker32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 9.5 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICONICS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03",
              "refsource": "CONFIRM",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02",
              "refsource": "CONFIRM",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12015",
    "datePublished": "2020-07-16T21:30:43",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12013
Vulnerability from cvelistv5
Published
2020-07-16 21:14
Modified
2024-08-04 11:48
Severity ?
Summary
A specially crafted WCF client that interfaces to the [affected product] may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Impacted products
Vendor Product Version
Mitsubishi Electric MC Works32 Version: Version 3.00A (9.50.255.02)
ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server Version: v10.96 and prior
ICONICS GenBroker32 Version: v9.5 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 4.02C (10.95.208.31) and earlier"
            },
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "MC Works32",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.00A (9.50.255.02)"
            }
          ]
        },
        {
          "product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v10.96 and prior"
            }
          ]
        },
        {
          "product": "GenBroker32",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v9.5 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "IMPROPER CONTROL OF GENERATION OF CODE (\u0027CODE INJECTION\u0027) CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T21:14:34",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12013",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MC Works64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 4.02C (10.95.208.31) and earlier"
                          },
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MC Works32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.00A (9.50.255.02)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v10.96 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GenBroker32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v9.5 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICONICS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER CONTROL OF GENERATION OF CODE (\u0027CODE INJECTION\u0027) CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12013",
    "datePublished": "2020-07-16T21:14:34",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-5089
Vulnerability from cvelistv5
Published
2012-04-18 17:00
Modified
2024-08-07 00:23
Severity ?
Summary
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "genesis32-security-login-bo(74932)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "genesis32-security-login-bo(74932)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "genesis32-security-login-bo(74932)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5089",
    "datePublished": "2012-04-18T17:00:00",
    "dateReserved": "2012-04-18T00:00:00",
    "dateUpdated": "2024-08-07T00:23:39.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12007
Vulnerability from cvelistv5
Published
2020-07-16 21:49
Modified
2024-08-04 11:48
Severity ?
Summary
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Impacted products
Vendor Product Version
Mitsubishi Electric MC Works64 Version: Version 4.02C (10.95.208.31) and earlier, all versions
Mitsubishi Electric MC Works32 Version: Version 3.00A (9.50.255.02)
ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server Version: v10.96 and prior
ICONICS GenBroker32 Version: v9.5 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 4.02C (10.95.208.31) and earlier"
            },
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "MC Works32",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.00A (9.50.255.02)"
            }
          ]
        },
        {
          "product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v10.96 and prior"
            }
          ]
        },
        {
          "product": "GenBroker32",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v9.5 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T21:49:12",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MC Works64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 4.02C (10.95.208.31) and earlier"
                          },
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MC Works32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.00A (9.50.255.02)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v10.96 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GenBroker32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v9.5 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICONICS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12007",
    "datePublished": "2020-07-16T21:49:12",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12009
Vulnerability from cvelistv5
Published
2020-07-16 19:39
Modified
2024-09-16 23:00
Severity ?
Summary
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Impacted products
Vendor Product Version
Mitsubishi Electric MC Works64 Version: 4.02C (10.95.208.31) and earlier, all versions
Mitsubishi Electric MC Works32 Version: Version 3.00A (9.50.255.02)
ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server Version: v10.96 and prior
ICONICS GenBroker32 Version: v9.5 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "4.02C (10.95.208.31) and earlier"
            },
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "MC Works32",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.00A (9.50.255.02)"
            }
          ]
        },
        {
          "product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v10.96 and prior"
            }
          ]
        },
        {
          "product": "GenBroker32",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v9.5 and prior"
            }
          ]
        }
      ],
      "datePublic": "2020-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T19:39:24",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2020-06-18T15:00:00.000Z",
          "ID": "CVE-2020-12009",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MC Works64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.02C (10.95.208.31) and earlier"
                          },
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MC Works32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.00A (9.50.255.02)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v10.96 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GenBroker32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v9.5 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICONICS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12009",
    "datePublished": "2020-07-16T19:39:24.072953Z",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-09-16T23:00:29.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2089
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-08-06 22:46
Severity ?
Summary
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
          },
          {
            "name": "72135",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/72135"
          },
          {
            "name": "44417",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44417"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
          },
          {
            "name": "ADV-2011-1174",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1174"
          },
          {
            "name": "47704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47704"
          },
          {
            "name": "17240",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17240"
          },
          {
            "name": "17269",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17269"
          },
          {
            "name": "webhmi-activex-bo(67267)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
        },
        {
          "name": "72135",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/72135"
        },
        {
          "name": "44417",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44417"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
        },
        {
          "name": "ADV-2011-1174",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1174"
        },
        {
          "name": "47704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47704"
        },
        {
          "name": "17240",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17240"
        },
        {
          "name": "17269",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17269"
        },
        {
          "name": "webhmi-activex-bo(67267)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf",
              "refsource": "MISC",
              "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
            },
            {
              "name": "72135",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/72135"
            },
            {
              "name": "44417",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44417"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
            },
            {
              "name": "ADV-2011-1174",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1174"
            },
            {
              "name": "47704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47704"
            },
            {
              "name": "17240",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17240"
            },
            {
              "name": "17269",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17269"
            },
            {
              "name": "webhmi-activex-bo(67267)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2089",
    "datePublished": "2011-05-13T17:00:00",
    "dateReserved": "2011-05-13T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted WCF client that interfaces to the affected software may allow the remote execution of certain arbitrary SQL commands (the source record omits the name of the component the client connects to). This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFE4C50-FB00-4449-8A7F-D524109A1F1D",
              "versionEndIncluding": "10.95.208.31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
    },
    {
      "lang": "es",
      "value": "Un cliente WCF especialmente dise\u00f1ado que interact\u00faa con el puede permitir la ejecuci\u00f3n de determinados comandos SQL arbitrarios remotamente. Esto afecta: Mitsubishi Electric MC Works64 Versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n v10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n v9.5 y anteriores"
    }
  ],
  "id": "CVE-2020-12013",
  "lastModified": "2024-11-21T04:59:06.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T22:15:11.417",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-04-18 17:55
Modified
2024-11-21 01:33
Severity ?
Summary
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFC8F6B-B298-49A3-BBD8-CDA74785AC0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E01069E-E059-446B-A0C5-89C37C902D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02BE61E1-12E1-46B3-B725-9A73EAD272B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F303667-A48E-40D2-9C38-C9C2813020AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEF3187-A001-4604-A292-6192678B2AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2854F716-ED09-46E8-AF9C-030EADDDB29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585FE5D-0FA5-4E13-AA5E-B5714564A14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4B6521-EE6D-49FB-B771-830B34613007",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en los controles ActiveX Security Login en ICONICS GENESIS32 v8.05, v9.0, v9.1, y v9.2 y BizViz v8.05, v9.0, v9.1 y v9.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una contrase\u00f1a larga."
    }
  ],
  "id": "CVE-2011-5089",
  "lastModified": "2024-11-21T01:33:36.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-18T17:55:01.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-13 17:05
Modified
2024-11-21 01:27
Severity ?
Summary
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2854F716-ED09-46E8-AF9C-030EADDDB29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3214375-3D3A-47F9-BE1F-D92102A8C8F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585FE5D-0FA5-4E13-AA5E-B5714564A14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4B6521-EE6D-49FB-B771-830B34613007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "22060866-9121-480B-913A-41616CD94A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "278C55AD-294C-4D39-8E50-0726CA523A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E01069E-E059-446B-A0C5-89C37C902D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02BE61E1-12E1-46B3-B725-9A73EAD272B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7784C58-C8CF-4631-8171-67D95595FF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F303667-A48E-40D2-9C38-C9C2813020AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86628D9D-4270-4571-A57A-17962BC2027D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EFFA7EA-6775-44B8-88ED-D1B6E4AE259A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo SetActiveXGUID en el control VersionInfo ActiveX en GenVersion.dll v8.0.138.0 en el subsistema WebHMI en ICONICS BizViz v9.x anterior a v9.22 y GENESIS32 v9.x anterior a v9.22 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en el argumento. NOTA: alguno de estos detalles son obtenidos de terceras partes de informaci\u00f3n"
    }
  ],
  "id": "CVE-2011-2089",
  "lastModified": "2024-11-21T01:27:34.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-13T17:05:45.643",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17240"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17269"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/72135"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/47704"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1174"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/72135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/47704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
              "versionEndIncluding": "10.95.208.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
    },
    {
      "lang": "es",
      "value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado a los dispositivos afectados podr\u00eda permitir una ejecuci\u00f3n de c\u00f3digo remota y una condici\u00f3n de denegaci\u00f3n de servicio debido a una vulnerabilidad de deserializaci\u00f3n. Este problema afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n 10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n 9.5 y anteriores"
    }
  ],
  "id": "CVE-2020-12007",
  "lastModified": "2024-11-21T04:59:06.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T22:15:11.337",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2C"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-16 22:15
Modified
2024-11-21 04:59
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
              "versionEndIncluding": "10.95.208.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
    },
    {
      "lang": "es",
      "value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado a los sistemas afectados podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio debido a una deserializaci\u00f3n inapropiada. Este problema afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n v10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n 9.5 y anteriores"
    }
  ],
  "id": "CVE-2020-12015",
  "lastModified": "2024-11-21T04:59:07.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T22:15:11.493",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-02-24 04:48
Modified
2024-11-21 02:02
Severity ?
Summary
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
Impacted products
Vendor Product Version
iconics genesis32 8.0
iconics genesis32 8.02
iconics genesis32 8.04
iconics genesis32 8.05



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E2CEDDA-8387-46C4-A1F5-5C6997B1ACB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:8.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A900FC3-9E22-49E0-B9A2-7B2717D12315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6F5EC4-0FA4-4FF6-96A1-B7BD2ED6E8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFC8F6B-B298-49A3-BBD8-CDA74785AC0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
    },
    {
      "lang": "es",
      "value": "Un control de ActiveX en GenLaunch.htm en ICONICS GENESIS32 8.0, 8.02, 8.04 y 8.05 permite a atacantes remotos ejecutar programas arbitrarios a trav\u00e9s de un documento HTML manipulado."
    }
  ],
  "id": "CVE-2014-0758",
  "lastModified": "2024-11-21T02:02:45.437",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-24T04:48:10.193",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-16 20:15
Modified
2024-11-21 04:59
Summary
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
              "versionEndIncluding": "10.95.208.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
    },
    {
      "lang": "es",
      "value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado al dispositivo afectado podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio debido a una vulnerabilidad de deserializaci\u00f3n. Esto afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; Mitsubishi Electric MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n v10.96 y anteriores; ICONICS GenBroker32 versi\u00f3n v9.5 y anteriores"
    }
  ],
  "id": "CVE-2020-12009",
  "lastModified": "2024-11-21T04:59:06.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T20:15:11.057",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-16 19:15
Modified
2024-11-21 04:59
Severity ?
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B1F646-0D54-4B3A-B39A-A45E1A0615EB",
              "versionEndIncluding": "10.95.208.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68D91E4-0C65-45F0-965E-A6AAE0E2F09F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD143148-B191-4D8E-9C28-09D4AC5D192C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3C5226-94D4-4826-9B76-72626081DF46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E644D8-AB8E-4E3C-AE4B-64D3BBCC30BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FF2A71-4918-491E-A5D8-DEB9E17FA6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16745C56-A59A-4C38-92E1-FC5C63220989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717A4B7B-2A42-4A9C-961F-1EA5E62FB188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5082C435-FCCD-4CF6-891E-73F846A6FB40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF628CB2-BCA9-4E69-A9CB-846577F98DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "771DB32A-CD85-4638-B90E-25D9B4951DE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior."
    },
    {
      "lang": "es",
      "value": "Un paquete de comunicaci\u00f3n especialmente dise\u00f1ado enviado a los sistemas afectados podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio o permitir una ejecuci\u00f3n de c\u00f3digo remota. Este problema afecta: Mitsubishi Electric MC Works64 versi\u00f3n 4.02C (10.95.208.31) y anteriores, todas las versiones; MC Works32 versi\u00f3n 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server versi\u00f3n 10.96 y anteriores; GenBroker32 versi\u00f3n 9.5 y anteriores"
    }
  ],
  "id": "CVE-2020-12011",
  "lastModified": "2024-11-21T04:59:06.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T19:15:11.830",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2024-11-21 01:40
Severity ?
Summary
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5648CCCB-E3B4-4649-BF80-0CBBFF8D25ED",
              "versionEndIncluding": "9.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFC8F6B-B298-49A3-BBD8-CDA74785AC0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E01069E-E059-446B-A0C5-89C37C902D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02BE61E1-12E1-46B3-B725-9A73EAD272B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7784C58-C8CF-4631-8171-67D95595FF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F303667-A48E-40D2-9C38-C9C2813020AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86628D9D-4270-4571-A57A-17962BC2027D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EFFA7EA-6775-44B8-88ED-D1B6E4AE259A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09717E94-3D2C-48E9-A267-4E75D2F343AD",
              "versionEndIncluding": "9.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEF3187-A001-4604-A292-6192678B2AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2854F716-ED09-46E8-AF9C-030EADDDB29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3214375-3D3A-47F9-BE1F-D92102A8C8F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585FE5D-0FA5-4E13-AA5E-B5714564A14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4B6521-EE6D-49FB-B771-830B34613007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "22060866-9121-480B-913A-41616CD94A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "278C55AD-294C-4D39-8E50-0726CA523A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica lockout-recovery en el componente Security Configurator en ICONICS GENESIS32 v9.22 y anteriores y BizViz v9.22 y anterior usa un algoritmo de cifrado inadecuado para la generaci\u00f3n de c\u00f3digo de autenticaci\u00f3n, lo que permite a usuarios locales evitar las restricciones de acceso establecidas y obtener acceso administrativo prediciendo la respuesta a la solicitud."
    }
  ],
  "id": "CVE-2012-3018",
  "lastModified": "2024-11-21T01:40:07.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-31T10:45:42.467",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-04-18 17:55
Modified
2024-11-21 01:33
Severity ?
Summary
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
Impacted products
Vendor Product Version
iconics bizviz 9.21
iconics genesis32 9.21



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El control ActiveX GENESIS32 IcoSetServer en ICONICS GENESIS32 v9.21 y BizViz v9.21 configura la zona de confianza sobre la base de datos del usuario, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web modificado, relacionado con una \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
    }
  ],
  "id": "CVE-2011-5088",
  "lastModified": "2024-11-21T01:33:36.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-04-18T17:55:01.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202007-0206
Vulnerability from variot

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. [Note: the remaining sentences appear to be merged in from the ZDI-20-777 entry and describe a separate PKGX path-traversal code-execution flaw, not the deserialization denial of service above; compare the per-source CVSS vectors in the record before relying on a single severity.] The vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0206",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric mc works64 \u003c=4.02c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishi",
        "version": "(10.95.208.31)"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mc works32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "9.50.255.02"
      },
      {
        "model": "mc works",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "10.95.208.31"
      },
      {
        "model": "quality analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "hyper historian",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mobilehmi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "smart energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "facility analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.7,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)"
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.95.208.31",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-12009",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-34371",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-12009",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-12009",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-12009",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-34371",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1208",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12009",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-02",
        "trust": 2.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-03",
        "trust": 1.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-777",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1208",
        "trust": 1.0
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10272",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2147",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "D97CB3A1-CB5E-4BB3-B9B8-62A73DD1F132",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "2AEA7BB9-A918-4CCF-A751-B9794DF3809B",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ]
  },
  "id": "VAR-202007-0206",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      }
    ],
    "trust": 1.78927874
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:35:28.353000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability (CNVD-2020-34371)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/222935"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 1.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-777/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12009"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "date": "2020-07-16T20:15:11.057000",
        "db": "NVD",
        "id": "CVE-2020-12009"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-777"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34371"
      },
      {
        "date": "2020-07-29T13:53:26.653000",
        "db": "NVD",
        "id": "CVE-2020-12009"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "(Pwn2Own) ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-777"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
      },
      {
        "db": "IVD",
        "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1208"
      }
    ],
    "trust": 1.0
  }
}

var-190001-0687
Vulnerability from variot

GENESIS32 is a new generation of industrial control software developed by ICONICS. There are eight memory corruption vulnerabilities in the ICONICS GENESIS32 product that affect the ScriptWorX32, GraphWorX32, AlarmWorX32, and TrendWorX32 containers. An attacker can build a specially crafted file and trick a user into opening it, which crashes the application or executes arbitrary code. Successful exploits will allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions. Iconics GENESIS32 versions 8.05, 9.0, 9.1, and 9.2 are vulnerable; other versions may also be affected.



TITLE: ICONICS GENESIS32 Multiple Memory Corruption Vulnerabilities

SECUNIA ADVISORY ID: SA46351

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46351/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46351

RELEASE DATE: 2011-10-16

DISCUSS ADVISORY: http://secunia.com/advisories/46351/#comments


DESCRIPTION: Multiple vulnerabilities have been reported in ICONICS GENESIS32, which can be exploited by malicious people to compromise a user's system.

1) Some errors in the ScriptWorX32 component can be exploited to corrupt memory via a specially crafted file.

2) Some errors in the AlarmWorX32 component can be exploited to corrupt memory via a specially crafted file.

3) Some errors in the TrendWorX32 component can be exploited to corrupt memory via a specially crafted file.

4) Some errors in the GraphWorX32 component can be exploited to corrupt memory via a specially crafted file.

SOLUTION: Apply patches (contact the vendor for further information).

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Billy Rios and Terry McCorkle.

ORIGINAL ADVISORY: ICS-CERT (ICSA-11-273-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-273-01.pdf





{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-190001-0687",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "iconics",
        "version": "8.05"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "9.2*"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "9.1*"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "9.0*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      },
      {
        "db": "BID",
        "id": "49902"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Billy Rios and Terry McCorkle",
    "sources": [
      {
        "db": "BID",
        "id": "49902"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ],
    "trust": 0.9
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "73ee950c-1f86-11e6-abef-000c29c66e3d",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
            "version": "2.0 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "IVD",
            "id": "73ee950c-1f86-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GENESIS32 is a new generation of industrial control software developed by ICONICS. There are eight memory corruption vulnerabilities in the ICONICS GENESIS32 product that affect the ScriptWorX32, GraphWorX32, AlarmWorX32, and TrendWorX32 containers. Attackers build specially crafted files that trick users into opening, crashing applications, or executing arbitrary code. \nSuccessful exploits will allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions. \nIconics GENESIS32 versions 8.05, 9.0, 9.1. 9.2 are vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS GENESIS32 Multiple Memory Corruption Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46351\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46351/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46351\n\nRELEASE DATE:\n2011-10-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46351/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46351/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46351\n\nONLY AVAILABLE WITH SECUNIA 
CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in ICONICS GENESIS32,\nwhich can be exploited by malicious people to compromise a user\u0027s\nsystem. \n\n1) Some errors in the ScriptWorX32 component can be exploited to\ncorrupt memory via a specially crafted file. \n\n2) Some errors in the AlarmWorX32 component can be exploited to\ncorrupt memory via a specially crafted file. \n\n3) Some errors in the TrendWorX32 component can be exploited to\ncorrupt memory via a specially crafted file. \n\n4) Some errors in the GraphWorX32 component can be exploited to\ncorrupt memory via a specially crafted file. \n\nSOLUTION:\nApply patches (contact the vendor for further information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Billy Rios and Terry McCorkle. \n\nORIGINAL ADVISORY:\nICS-CERT (ICSA-11-273-01):\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-273-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      },
      {
        "db": "BID",
        "id": "49902"
      },
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "105841"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "49902",
        "trust": 1.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-273-01",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "73EE950C-1F86-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46351",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "105841",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      },
      {
        "db": "BID",
        "id": "49902"
      },
      {
        "db": "PACKETSTORM",
        "id": "105841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ]
  },
  "id": "VAR-190001-0687",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      }
    ],
    "trust": 1.4315789
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      }
    ]
  },
  "last_update_date": "2022-05-17T22:37:44.580000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Iconics GENESIS32 has multiple patches for memory corruption vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5272"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-273-01.pdf"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/49902"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/home/products/hmi-and-scada/genesis32.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46351/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46351/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46351"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      },
      {
        "db": "BID",
        "id": "49902"
      },
      {
        "db": "PACKETSTORM",
        "id": "105841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      },
      {
        "db": "BID",
        "id": "49902"
      },
      {
        "db": "PACKETSTORM",
        "id": "105841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-03T00:00:00",
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-10-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      },
      {
        "date": "2011-09-30T00:00:00",
        "db": "BID",
        "id": "49902"
      },
      {
        "date": "2011-10-15T03:34:25",
        "db": "PACKETSTORM",
        "id": "105841"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3989"
      },
      {
        "date": "2011-09-30T00:00:00",
        "db": "BID",
        "id": "49902"
      },
      {
        "date": "2011-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Iconics GENESIS32 Multiple memory corruption vulnerabilities",
    "sources": [
      {
        "db": "IVD",
        "id": "73ee950c-1f86-11e6-abef-000c29c66e3d"
      },
      {
        "db": "BID",
        "id": "49902"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ],
    "trust": 1.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-404"
      }
    ],
    "trust": 0.6
  }
}

var-201103-0378
Vulnerability from variot

The Symantec LiveUpdate Administrator is a Symantec product upgrade management program. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. GENESIS32/64 is affected by multiple memory corruption and integer overflow vulnerabilities caused by incorrect validation of user-supplied input. Successful exploitation can result in arbitrary code execution in the security context of the application. Failed exploit attempts will likely result in denial-of-service conditions. The following versions are vulnerable; other versions may also be affected: GENESIS32 9.21 and GENESIS64 10.51.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201103-0378",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "iconics",
        "version": "10.51"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.21.201.01"
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "10.51*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      },
      {
        "db": "BID",
        "id": "46939"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma",
    "sources": [
      {
        "db": "BID",
        "id": "46939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ],
    "trust": 0.9
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
            "version": "2.0 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "IVD",
            "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec LiveUpdate Administrator is a Symantec product upgrade management program. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. GENESIS32/64 can trigger multiple memory corruption and integer overflow vulnerabilities due to incorrect validation of user-supplied input. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. Failed exploit attempts will likely  result in denial-of-service conditions. \nThe following versions are vulnerable; other versions may also be affected:\nGENESIS32 9.21\nGENESIS64 10.51",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      },
      {
        "db": "BID",
        "id": "46939"
      },
      {
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "46939",
        "trust": 1.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-530",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "2335B7AC-1F9B-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      },
      {
        "db": "BID",
        "id": "46939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ]
  },
  "id": "VAR-201103-0378",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      }
    ],
    "trust": 1.343421035
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:46:45.580000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/46939http"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/46939"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_1-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_10-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_11-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_12-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_13-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_2-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_3-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_4-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_5-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_6-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_7-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_8-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://aluigi.org/adv/genesis_9-adv.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/home/products/hmi-and-scada/genesis32.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/home/products/hmi-and-scada/genesis64.aspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/517080"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      },
      {
        "db": "BID",
        "id": "46939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      },
      {
        "db": "BID",
        "id": "46939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-22T00:00:00",
        "db": "IVD",
        "id": "2335b7ac-1f9b-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      },
      {
        "date": "2011-03-21T00:00:00",
        "db": "BID",
        "id": "46939"
      },
      {
        "date": "2011-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      },
      {
        "date": "2015-03-19T09:13:00",
        "db": "BID",
        "id": "46939"
      },
      {
        "date": "2015-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There are multiple security vulnerabilities in Iconics GENESIS32 and GENESIS64",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1178"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-530"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0207
Vulnerability from variot

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are data acquisition and monitoring (SCADA) systems from the Japanese company Mitsubishi Electric. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0207",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric mc works64 \u003c=4.02c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishi",
        "version": "(10.95.208.31)"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mc works32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "9.50.255.02"
      },
      {
        "model": "mc works",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "10.95.208.31"
      },
      {
        "model": "quality analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "hyper historian",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mobilehmi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "smart energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "facility analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.7,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)"
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.95.208.31",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-12011",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2020-34373",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-12011",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-12011",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-12011",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-34373",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1210",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are data acquisition and monitoring (SCADA) systems from the Japanese company Mitsubishi Electric. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12011",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-02",
        "trust": 2.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-03",
        "trust": 1.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-778",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1210",
        "trust": 1.0
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10274",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2147",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "2E91579B-642F-4242-83F1-D1D890CC5345",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "213F4B05-E0A3-4F65-B456-B752579D9402",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ]
  },
  "id": "VAR-202007-0207",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      }
    ],
    "trust": 1.78927874
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:35:28.320000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/222929"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 1.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-778/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12011"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "date": "2020-07-16T19:15:11.830000",
        "db": "NVD",
        "id": "CVE-2020-12011"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-778"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34373"
      },
      {
        "date": "2020-07-29T13:55:13.330000",
        "db": "NVD",
        "id": "CVE-2020-12011"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-778"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
      },
      {
        "db": "IVD",
        "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1210"
      }
    ],
    "trust": 1.0
  }
}

var-202007-0205
Vulnerability from variot

A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a data acquisition and monitoring (SCADA) system from the Japanese company Mitsubishi Electric. This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0205",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric mc works64 \u003c=4.02c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishi",
        "version": "(10.95.208.31)"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mc works32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "9.50.255.02"
      },
      {
        "model": "mc works",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "10.95.208.31"
      },
      {
        "model": "quality analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "hyper historian",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mobilehmi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "smart energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "facility analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.7,
        "vendor": "iconics",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.95.208.31",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yehuda Anikster of Claroty Research",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-12007",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-34369",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-12007",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-12007",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-12007",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-12007",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-34369",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1227",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-12007",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12007"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12007"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12007",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-02",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-03",
        "trust": 1.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-776",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1227",
        "trust": 1.0
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10267",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2147",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "B28667EE-4B0F-4654-BD4F-FBB2C24C795A",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "36556B9E-B308-4C4F-A8AF-5FCE9F89C31B",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12007",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12007"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ]
  },
  "id": "VAR-202007-0205",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      }
    ],
    "trust": 1.736598425
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:35:28.241000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "title": "Patch for Mitsubishi Electric MC Works64 code issue vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/222941"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 1.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 1.0,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2c"
      },
      {
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12007"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-776/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/502.html"
      },
      {
        "trust": 0.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183626"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12007"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12007"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12007"
      },
      {
        "date": "2020-07-16T22:15:11.337000",
        "db": "NVD",
        "id": "CVE-2020-12007"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-776"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      },
      {
        "date": "2020-07-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12007"
      },
      {
        "date": "2023-11-07T03:15:18.663000",
        "db": "NVD",
        "id": "CVE-2020-12007"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mitsubishi Electric MC Works64 Code Issue Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34369"
      }
    ],
    "trust": 1.0
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
      },
      {
        "db": "IVD",
        "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1227"
      }
    ],
    "trust": 1.0
  }
}

var-201204-0057
Vulnerability from variot

The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability." ICONICS is a company specializing in providing OPC-based visualization software. GENESIS32 is prone to a remote security vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. Successful exploitation may potentially allow for the execution of arbitrary code.



TITLE: ICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation

SECUNIA ADVISORY ID: SA45847

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45847

RELEASE DATE: 2011-09-02

DISCUSS ADVISORY: http://secunia.com/advisories/45847/#comments


DESCRIPTION: A vulnerability has been reported in the ICONICS IcoSetServer ActiveX Control, which can be exploited by malicious people to manipulate certain data.

The vulnerability is reported in version 9.21. Other versions may also be affected.

SOLUTION: Apply patch or update to version 9.22.

PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT.

ORIGINAL ADVISORY: ICONICS: http://www.iconics.com/certs

ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf



About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.


Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0057",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 3.8,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 3.6,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "icosetserver activex control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "no",
        "version": null
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.21.201.01"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "0"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "bizviz",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.21"
      },
      {
        "model": "icosetserver activex control",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "9.21*"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "9.21*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "BID",
        "id": "79756"
      },
      {
        "db": "BID",
        "id": "49406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Billy Rios and Terry McCorkle",
    "sources": [
      {
        "db": "BID",
        "id": "49406"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-5088",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-5088",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2011-6116",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
            "version": "2.0 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-5088",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2011-6116",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201204-417",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "f06efdd0-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\". ICONICS is a company specializing in providing OPC-based visualization software. GENESIS32 is prone to a remote security vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. This may potentially allow for the execution of arbitrary code. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation\n\nSECUNIA ADVISORY ID:\nSA45847\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45847/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847\n\nRELEASE DATE:\n2011-09-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45847/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45847/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in the ICONICS IcoSetServer ActiveX\nControl, which can be exploited by malicious people to manipulate\ncertain data. \n\nThe vulnerability is reported in version 9.21. Other versions may\nalso be affected. \n\nSOLUTION:\nApply patch or update to version 9.22. \n\nPROVIDED AND/OR DISCOVERED BY:\nBilly Rios and Terry McCorkle via ICS-CERT. \n\nORIGINAL ADVISORY:\nICONICS:\nhttp://www.iconics.com/certs\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "BID",
        "id": "79756"
      },
      {
        "db": "BID",
        "id": "49406"
      },
      {
        "db": "IVD",
        "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "104702"
      }
    ],
    "trust": 4.05
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-11-182-01",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5088",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "49406",
        "trust": 1.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "45847",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-547",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "79756",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "7D7C4190-463F-11E9-B3F2-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "0347C63A-1F8A-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "F06EFDD0-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "56E4B816-1F8A-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "104702",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "BID",
        "id": "79756"
      },
      {
        "db": "BID",
        "id": "49406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "db": "PACKETSTORM",
        "id": "104702"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ]
  },
  "id": "VAR-201204-0057",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      }
    ],
    "trust": 2.7413905
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 2.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:52:18.634000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CERT Security Update",
        "trust": 0.8,
        "url": "http://www.iconics.com/certs"
      },
      {
        "title": "ICONICS IcoSetServer ActiveX Control Trust Domain Policy Operation Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/4983"
      },
      {
        "title": "ICONICS IcoSetServer ActiveX Control Trusted Space Any Domain Name Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/36330"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-182-01.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5088"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5088"
      },
      {
        "trust": 0.7,
        "url": "http://secunia.com/advisories/45847/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/49406/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/49406"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45847"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/242"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://www.iconics.com/certs"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45847/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "BID",
        "id": "79756"
      },
      {
        "db": "BID",
        "id": "49406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "db": "PACKETSTORM",
        "id": "104702"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "BID",
        "id": "79756"
      },
      {
        "db": "BID",
        "id": "49406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "db": "PACKETSTORM",
        "id": "104702"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-05T00:00:00",
        "db": "IVD",
        "id": "7d7c4190-463f-11e9-b3f2-000c29342cb1"
      },
      {
        "date": "2011-09-05T00:00:00",
        "db": "IVD",
        "id": "0347c63a-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-04-19T00:00:00",
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-02T00:00:00",
        "db": "IVD",
        "id": "56e4b816-1f8a-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "date": "2011-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "date": "2012-04-18T00:00:00",
        "db": "BID",
        "id": "79756"
      },
      {
        "date": "2011-09-01T00:00:00",
        "db": "BID",
        "id": "49406"
      },
      {
        "date": "2012-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "date": "2011-09-01T03:53:12",
        "db": "PACKETSTORM",
        "id": "104702"
      },
      {
        "date": "2012-04-18T17:55:01.167000",
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      },
      {
        "date": "2012-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3478"
      },
      {
        "date": "2011-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "date": "2012-04-18T00:00:00",
        "db": "BID",
        "id": "79756"
      },
      {
        "date": "2015-03-19T08:52:00",
        "db": "BID",
        "id": "49406"
      },
      {
        "date": "2012-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005040"
      },
      {
        "date": "2012-04-19T04:00:00",
        "db": "NVD",
        "id": "CVE-2011-5088"
      },
      {
        "date": "2011-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      },
      {
        "date": "2012-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ICONICS IcoSetServer ActiveX Control Trusted Space Any Domain Name Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-6116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-547"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design error",
    "sources": [
      {
        "db": "IVD",
        "id": "f06efdd0-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "BID",
        "id": "49406"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-417"
      }
    ],
    "trust": 1.1
  }
}

var-202007-1433
Vulnerability from variot

A specially crafted WCF client that interfaces to the affected software may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process.

There is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and earlier versions and in MC Works32 version 3.00A (9.50.255.02). Remote attackers can use a specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and to leak or tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1433",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric mc works64 \u003c=4.02c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishi",
        "version": "(10.95.208.31)"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mc works64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "10.95.208.31"
      },
      {
        "model": "energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mc works32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "9.50.255.02"
      },
      {
        "model": "quality analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "hyper historian",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mobilehmi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "smart energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "facility analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.7,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)"
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.95.208.31",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben McBride",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-12013",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-34370",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-12013",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-12013",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-12013",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-34370",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1207",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process. \n\r\n\r\nThere is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12013",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-02",
        "trust": 2.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-03",
        "trust": 1.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-779",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1207",
        "trust": 1.0
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10288",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2147",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "619034F0-2A16-43EB-8D34-F889BD91A2AF",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E2B262E1-E8A9-471A-A771-486F23CD118B",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ]
  },
  "id": "VAR-202007-1433",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      }
    ],
    "trust": 1.78927874
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:35:28.209000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/222939"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 1.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-779/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12013"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "date": "2020-07-16T22:15:11.417000",
        "db": "NVD",
        "id": "CVE-2020-12013"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-779"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34370"
      },
      {
        "date": "2021-11-04T17:39:53.020000",
        "db": "NVD",
        "id": "CVE-2020-12013"
      },
      {
        "date": "2021-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-779"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1207"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0208
Vulnerability from variot

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to deserialization of untrusted data. The service may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are supervisory control and data acquisition (SCADA) systems from Mitsubishi Electric of Japan. This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Note that this summary merges several sources that rate the impact differently: the NVD record scores a denial of service only (CVSS 3.1 base 7.5, availability impact alone), while the ZDI advisory ZDI-20-780 scores unauthenticated code execution as SYSTEM (CVSS 3.0 base 9.8); triage against the higher rating unless the vendor advisory for the installed product says otherwise.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0208",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric mc works64 \u003c=4.02c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishi",
        "version": "(10.95.208.31)"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mc works32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "9.50.255.02"
      },
      {
        "model": "mc works",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "10.95.208.31"
      },
      {
        "model": "quality analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "hyper historian",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mobilehmi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "smart energy analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "facility analytix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "bizviz",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "energy analytix",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "facility analytix",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis 64",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "genesis32",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "hyper historian",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mobilehmi",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "quality analytix",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "smart energy analytix",
        "scope": null,
        "trust": 0.8,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "mc works",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "64"
      },
      {
        "model": "mc works 32",
        "scope": null,
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.7,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)"
      },
      {
        "model": "electric mc works32 3.00a",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "mitsubishi",
        "version": "(9.50.255.02)*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.95.208.31",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works32:9.50.255.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:facility_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:hyper_historian:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:mobilehmi:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:quality_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:smart_energy_analytix:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-12015",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008308",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-34372",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "31ad87c7-757e-410a-89c6-906cc763b446",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008308",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-12015",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-12015",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008308",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-12015",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-34372",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1209",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64.  Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12015",
        "trust": 4.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-02",
        "trust": 3.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-170-03",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-780",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1209",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU95379131",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10297",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2147",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "4BDA61CA-BD50-4B09-A018-05EA35FF2332",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "31AD87C7-757E-410A-89C6-906CC763B446",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ]
  },
  "id": "VAR-202007-0208",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      }
    ],
    "trust": 1.78927874
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:35:28.279000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://iconics.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/"
      },
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code issue vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/222933"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 2.3,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12015"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12015"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95379131/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-780/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "date": "2020-09-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "date": "2020-07-16T22:15:11.493000",
        "db": "NVD",
        "id": "CVE-2020-12015"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-780"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-34372"
      },
      {
        "date": "2020-09-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      },
      {
        "date": "2020-07-22T17:39:48.070000",
        "db": "NVD",
        "id": "CVE-2020-12015"
      },
      {
        "date": "2020-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unreliable data deserialization vulnerabilities in multiple MC products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008308"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
      },
      {
        "db": "IVD",
        "id": "31ad87c7-757e-410a-89c6-906cc763b446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1209"
      }
    ],
    "trust": 1.0
  }
}

var-201105-0146
Vulnerability from variot

Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation can result in arbitrary code execution in the security context of the application. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the 'GenVersion.dll' ActiveX control. Failed exploit attempts will result in a denial-of-service condition. The flaw is a boundary error in the "SetActiveXGUID()" method (GenVersion.dll).



TITLE: ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA44417

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44417

RELEASE DATE: 2011-05-04

DISCUSS ADVISORY: http://secunia.com/advisories/44417/#comments


DESCRIPTION: A vulnerability has been discovered in ICONICS VersionInfo ActiveX control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is confirmed in GenVersion.dll version 8.0.138.0. Other versions may also be affected.

SOLUTION: Update to a fixed version. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: Scott Bell and Blair Strang, Security-Assessment.com

ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf



About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0146",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.20"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.13"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.01"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.20"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.13"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.01"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "iconics",
        "version": "9.x"
      },
      {
        "model": "bizviz",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iconics",
        "version": "9.x"
      },
      {
        "model": "versioninfo activex control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iconics",
        "version": "8.x"
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iconics",
        "version": "10.x"
      },
      {
        "model": "pacis sui rc7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.1"
      },
      {
        "model": "pacis sui rc6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.1"
      },
      {
        "model": "webhmi activex control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.01"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.01"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.21"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "9.x*"
      },
      {
        "model": "versioninfo activex control",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "8.x*"
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "10.x*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Scott Bell \u0026 Blair Strang",
    "sources": [
      {
        "db": "BID",
        "id": "47704"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-2089",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-2089",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "f780befa-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
            "version": "2.0 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-2089",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201105-169",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the \u0027GenVersion.dll\u0027 ActiveX control. Failed exploit attempts will result in a denial-of-service condition. \"SetActiveXGUID()\" method (GenVersion.dll) There is a boundary error. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA44417\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44417/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44417/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44417/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * 
CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in ICONICS VersionInfo ActiveX\ncontrol, which can be exploited by malicious people to compromise a\nuser\u0027s system. \n\nThe vulnerability is confirmed in GenVersion.dll version 8.0.138.0. \nOther versions may also be affected. \n\nSOLUTION:\nUpdate to a fixed version. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nScott Bell and Blair Strang, Security-Assessment.com\n\nORIGINAL ADVISORY:\nhttp://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "44417",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "47704",
        "trust": 2.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-131-01",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "72135",
        "trust": 2.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17269",
        "trust": 1.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17240",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-1174",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "67267",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "F780BEFA-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "30D8DBBE-1F96-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "101133",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "id": "VAR-201105-0146",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      }
    ],
    "trust": 1.7413905
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:02:12.822000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Hot Fixes",
        "trust": 0.8,
        "url": "http://www.iconics.com/home/support/hot-fixes.aspx"
      },
      {
        "title": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/3787"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-131-01.pdf"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/44417"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/47704"
      },
      {
        "trust": 2.0,
        "url": "http://www.security-assessment.com/files/documents/advisory/iconics_webhmi.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/17240"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/17269"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/72135"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2011/1174"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/67267"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2089"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2089"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/72135"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/44417/http"
      },
      {
        "trust": 0.3,
        "url": "http://download.schneider-electric.com/files?p_file_id=320329939"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44417/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44417/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-16T00:00:00",
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-05-05T00:00:00",
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-05-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "date": "2011-05-03T00:00:00",
        "db": "BID",
        "id": "47704"
      },
      {
        "date": "2011-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "date": "2011-05-05T06:57:34",
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "date": "2011-05-13T17:05:45.643000",
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "date": "2011-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "date": "2015-04-13T21:01:00",
        "db": "BID",
        "id": "47704"
      },
      {
        "date": "2011-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "date": "2017-08-29T01:29:16.080000",
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "date": "2011-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ],
    "trust": 1.0
  }
}

var-201402-0348
Vulnerability from variot

An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. ICONICS GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. GENESIS32 versions 8.0, 8.02, 8.04, and 8.05 are vulnerable.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0348",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "iconics",
        "version": "8.05"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "iconics",
        "version": "8.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "iconics",
        "version": "8.02"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "iconics",
        "version": "8.04"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.20"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.13"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.01"
      },
      {
        "model": "genesis32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "8.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "8.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "8.04"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "8.05"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "db": "BID",
        "id": "65706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NCCIC/ICS-CERT",
    "sources": [
      {
        "db": "BID",
        "id": "65706"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0758",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-0758",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-01214",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0758",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-01214",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201402-351",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "33a69fba-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nGENESIS32 versions 8.0, 8.02, 8.04 and 8.05 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "db": "BID",
        "id": "65706"
      },
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0758",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-051-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "65706",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "57034",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "33A69FBA-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "db": "BID",
        "id": "65706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ]
  },
  "id": "VAR-201402-0348",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      }
    ],
    "trust": 1.4315789
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:06:13.184000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "GENESIS32",
        "trust": 0.8,
        "url": "http://www.iconics.com/home/products/hmi-scada-software-solutions/genesis32.aspx"
      },
      {
        "title": "Iconics GENESIS32 ActiveX Control Remote Code Execution Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/43839"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0758"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0758"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/57034"
      },
      {
        "trust": 0.3,
        "url": "http://iconics.com/home/products/hmi-scada-software-solutions/genesis32.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://iconics.com/iconicswebsite/media/documents/support%20downloads/whitepaper_security_vulnerabilities_february_19_2014.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "db": "BID",
        "id": "65706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "db": "BID",
        "id": "65706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-25T00:00:00",
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "date": "2014-02-20T00:00:00",
        "db": "BID",
        "id": "65706"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "date": "2014-02-24T04:48:10.193000",
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "date": "2014-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      },
      {
        "date": "2014-02-20T00:00:00",
        "db": "BID",
        "id": "65706"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001458"
      },
      {
        "date": "2014-02-24T19:45:33.177000",
        "db": "NVD",
        "id": "CVE-2014-0758"
      },
      {
        "date": "2014-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Iconics GENESIS32 ActiveX Control Remote code execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01214"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation",
    "sources": [
      {
        "db": "IVD",
        "id": "33a69fba-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-351"
      }
    ],
    "trust": 0.8
  }
}

var-201207-0139
Vulnerability from variot

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. GENESIS32/BizViz is a new generation of industrial control software developed by ICONICS. ICONICS GENESIS32 and BizViz are prone to a local authentication-bypass vulnerability. Successful exploits may lead to other attacks. ICONICS GENESIS32 and BizViz versions 9.22 and prior are vulnerable.



TITLE: ICONICS GENESIS32 / BizViz Privilege Escalation Vulnerability

SECUNIA ADVISORY ID: SA50116

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50116/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50116

RELEASE DATE: 2012-07-31

DISCUSS ADVISORY: http://secunia.com/advisories/50116/#comments


DESCRIPTION: A vulnerability has been reported in ICONICS GENESIS32 and ICONICS BizViz, which can be exploited by malicious, local users to gain escalated privileges. This can be exploited to gain administrative access by predicting a challenge response.

SOLUTION: Apply patches. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Dr. Wesley McGrew, Mississippi State University.

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf



About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.


Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201207-0139",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "iconics",
        "version": "8.05"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "iconics",
        "version": "9.13"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "iconics",
        "version": "9.01"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "iconics",
        "version": "8.05"
      },
      {
        "model": "bizviz",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.13"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.01"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.20"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.20"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "8.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.01"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "8.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.01"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "db": "BID",
        "id": "54732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. Wesley McGrew of Mississippi State University",
    "sources": [
      {
        "db": "BID",
        "id": "54732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2012-3018",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-3018",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-3018",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201207-599",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "91b22ac4-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. GENESIS32/BizViz is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 and BizViz are prone to a local authentication-bypass vulnerability. Successful exploits may lead to other attacks. \nIconics GENESIS32 and BizViz versions 9.22 and prior are vulnerable. ----------------------------------------------------------------------\n\nWe are millions!  Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS GENESIS32 / BizViz Privilege Escalation Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50116\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50116/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116\n\nRELEASE DATE:\n2012-07-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50116/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50116/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in ICONICS GENESIS32 and ICONICS\nBizViz, which can be exploited by malicious, local users to gain\nescalated privileges. This can be exploited to gain\nadministrative access by predicting a challenge response. \n\nSOLUTION:\nApply patches. Contact the vendor for further information. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Dr. Wesley McGrew, Mississippi State University. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "db": "BID",
        "id": "54732"
      },
      {
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "115131"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-3018",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-212-01",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "54732",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "50116",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "91B22AC4-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "115131",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "db": "BID",
        "id": "54732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "db": "PACKETSTORM",
        "id": "115131"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ]
  },
  "id": "VAR-201207-0139",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      }
    ],
    "trust": 1.4120857500000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:06:18.649000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CERT Security Update",
        "trust": 0.8,
        "url": "http://www.iconics.com/certs"
      },
      {
        "title": "Iconics GENESIS32/BizViz Local Verification Patch for Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/19400"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-212-01.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3018"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3018"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/50116"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/54732"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/home/products/hmi-and-scada/genesis32.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50116"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50116/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50116/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "db": "BID",
        "id": "54732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "db": "PACKETSTORM",
        "id": "115131"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "db": "BID",
        "id": "54732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "db": "PACKETSTORM",
        "id": "115131"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-01T00:00:00",
        "db": "IVD",
        "id": "91b22ac4-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-08-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "date": "2012-07-30T00:00:00",
        "db": "BID",
        "id": "54732"
      },
      {
        "date": "2012-08-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "date": "2012-07-31T03:57:42",
        "db": "PACKETSTORM",
        "id": "115131"
      },
      {
        "date": "2012-07-31T10:45:42.467000",
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "date": "2012-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4039"
      },
      {
        "date": "2015-03-19T08:11:00",
        "db": "BID",
        "id": "54732"
      },
      {
        "date": "2012-08-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      },
      {
        "date": "2012-07-31T10:45:42.467000",
        "db": "NVD",
        "id": "CVE-2012-3018"
      },
      {
        "date": "2012-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "54732"
      },
      {
        "db": "PACKETSTORM",
        "id": "115131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ICONICS GENESIS32 and BizViz Vulnerable to access restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003431"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-599"
      }
    ],
    "trust": 0.6
  }
}

var-201204-0058
Vulnerability from variot

Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Failed exploit attempts will result in a denial-of-service condition.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0058",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "8.05"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "iconics",
        "version": "8.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "8.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "8.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "BID",
        "id": "57146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Billy Rios and Terry McCorkle",
    "sources": [
      {
        "db": "BID",
        "id": "57146"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-5089",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-5089",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "f069156e-2353-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-5089",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201204-418",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "f069156e-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Failed exploit attempts will result in a denial-of-service condition.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "db": "BID",
        "id": "57146"
      },
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-5089",
        "trust": 2.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-182-02",
        "trust": 2.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "57146",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "F069156E-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "BID",
        "id": "57146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ]
  },
  "id": "VAR-201204-0058",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 0.81208575
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:15:04.773000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CERT Security Update",
        "trust": 0.8,
        "url": "http://www.iconics.com/certs"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-182-02.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5089"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5089"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "57146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "BID",
        "id": "57146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-04-19T00:00:00",
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-07-01T00:00:00",
        "db": "BID",
        "id": "57146"
      },
      {
        "date": "2012-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "date": "2012-04-18T17:55:01.213000",
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "date": "2012-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T08:32:00",
        "db": "BID",
        "id": "57146"
      },
      {
        "date": "2012-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005041"
      },
      {
        "date": "2017-08-29T01:30:40.757000",
        "db": "NVD",
        "id": "CVE-2011-5089"
      },
      {
        "date": "2012-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ICONICS GENESIS32 Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "f069156e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-418"
      }
    ],
    "trust": 0.8
  }
}