// For flags

CVE-2011-5088

 

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."

El control ActiveX GENESIS32 IcoSetServer en ICONICS GENESIS32 v9.21 y BizViz v9.21 configura la zona de confianza sobre la base de datos del usuario, lo que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web modificado, relaciónado con una "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-04-18 CVE Reserved
  • 2012-04-18 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf Us Government Resource
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Iconics
Search vendor "Iconics"
 Bizviz
Search vendor "Iconics" for product "Bizviz"
 9.21
Search vendor "Iconics" for product "Bizviz" and version "9.21"
-
Affected
Iconics
Search vendor "Iconics"
 Genesis32
Search vendor "Iconics" for product "Genesis32"
 9.21
Search vendor "Iconics" for product "Genesis32" and version "9.21"
-
Affected