CVSS: 6.8EPSS: 91%CPEs: 8EXPL: 1CVE-2013-0108 – Honeywell HSC Remote Deployer - ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-0108
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document. Vulnerabilidad en el control activeX en HscRemoteDeploy.dll en Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, y R410.2; SymmetrE R310, R410.1, y R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; y los paquetes de los clientes HMIWeb Browser, permiten a atacantes remotos ejecutar código HTML de su elección a través de un documento HTML manipulado. • https://www.exploit-db.com/exploits/24745 http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •