CVE-2013-0108 – Honeywell HSC Remote Deployer - ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-0108
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document. Vulnerabilidad en el control activeX en HscRemoteDeploy.dll en Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, y R410.2; SymmetrE R310, R410.1, y R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; y los paquetes de los clientes HMIWeb Browser, permiten a atacantes remotos ejecutar código HTML de su elección a través de un documento HTML manipulado. • https://www.exploit-db.com/exploits/24745 http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-0254
https://notcve.org/view.php?id=CVE-2012-0254
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el control ActiveX HMIWeb Browser HSCDSPRenderDLL en Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, y R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 y R410.1; y Honeywell Environmental Combustion y Controls (ECC) SymmetrE R410.1 permite a atacantes remotos a ejecutar código a través de vectores no especificados. • http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx • CWE-787: Out-of-bounds Write •