Published: 24/02/2013 Updated: 25/02/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote malicious users to execute arbitrary code via a crafted HTML document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
honeywell enterprise buildings integrator r400.2
honeywell enterprise buildings integrator r310
honeywell enterprise buildings integrator r410.1
honeywell enterprise buildings integrator r410.2
honeywell symmetre r410.1
honeywell symmetre r310
honeywell symmetre r400.2
honeywell comfortpoint open manager station r100

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking ...

CWE-94 http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf https://nvd.nist.gov https://www.exploit-db.com/exploits/24745/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-0108

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect