CVE-2013-0108 – Honeywell HSC Remote Deployer - ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-0108
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.
• https://www.exploit-db.com/exploits/24745
• http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2012-0254
https://notcve.org/view.php?id=CVE-2012-0254
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.
• http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf
• https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx
• CWE-787: Out-of-bounds Write
CVE-2011-0331
https://notcve.org/view.php?id=CVE-2011-0331
Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.
• http://osvdb.org/71249
• http://secunia.com/advisories/43360
• http://secunia.com/secunia_research/2011-22
• http://www.securityfocus.com/bid/46930
• http://www.vupen.com/english/advisories/2011/0725
• CWE-399: Resource Management Errors
CVE-2007-2938 – Microsoft Internet Explorer 6 / Ademco co. ltd. ATNBaseLoader100 Module - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2938
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
• https://www.exploit-db.com/exploits/3993
• http://osvdb.org/36700
• http://secunia.com/advisories/25430
• http://www.securityfocus.com/bid/24172
• http://www.vupen.com/english/advisories/2007/1958
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34548