CVE-2012-2054
Honeywell HMIWeb Browser ActiveX Control RequestDSPLoad Remote Code Execution Vulnerability
Descriptions
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the ActiveX control defined within the HSCDSPRenderDll.dll file. The RequestDSPLoad method does not properly verify the length of a supplied argument before copying it into a fixed-length heap buffer. A remote attacker can abuse this to execute arbitrary code under the context of the user running the browser.
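The mass-assignment pattern named in the Redmine description above, as an added example that is not Redmine's code: a minimal ActiveRecord-style model with an unrestricted attribute setter beside an allowlisted one. The class, attribute and parameter names are assumptions; the request hash is constructed sample input.

```ruby
# Added example (not Redmine's code): a minimal stand-in for a model that
# accepts a request hash of attributes. Names are assumptions.

# Constructed request parameters: a comment body plus two keys the
# requester should never control.
PARAMS = {
  "content"      => "Looks good to me",
  "author_id"    => 1,    # would impersonate another user
  "commented_id" => 999   # would attach the comment to an unrelated record
}.freeze

class Comment
  attr_reader :content, :author_id, :commented_id

  # Attributes a request is permitted to set.
  PERMITTED = %w[content].freeze

  def initialize(author_id:, commented_id:)
    @author_id = author_id
    @commented_id = commented_id
    @content = nil
  end

  # Vulnerable: every key in the hash becomes an attribute write, so
  # ownership and relation fields can be overwritten from the URL/body.
  def unsafe_update(attrs)
    attrs.each { |k, v| instance_variable_set("@#{k}", v) }
    self
  end

  # Hardened: only allowlisted keys are copied; the rejected keys are
  # returned so the caller can log the attempt.
  def safe_update(attrs)
    rejected = attrs.keys - PERMITTED
    attrs.slice(*PERMITTED).each { |k, v| instance_variable_set("@#{k}", v) }
    rejected
  end
end

def unsafe_result
  Comment.new(author_id: 42, commented_id: 7).unsafe_update(PARAMS)
end

def safe_result
  c = Comment.new(author_id: 42, commented_id: 7)
  [c, c.safe_update(PARAMS)]
end
```

With the unrestricted setter the stored `author_id` and `commented_id` come from the request; with the allowlist they keep the server-assigned values and the stray keys are reported.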
Timeline
- 2012-04-04 CVE Reserved
- 2012-04-04 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
References (3)
URL | Tag | Source
---|---|---
http://www.redmine.org/boards/2/topics/29343 | X_refsource_confirm | 
http://www.redmine.org/issues/10390 | X_refsource_confirm | 
http://www.redmine.org/versions/42 | X_refsource_confirm | 
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redmine | Redmine | <= 1.3.1 | - | Affected
Redmine | Redmine | 0.1.0 | - | Affected
Redmine | Redmine | 0.2.1 | - | Affected
Redmine | Redmine | 0.2.2 | - | Affected
Redmine | Redmine | 0.3.0 | - | Affected
Redmine | Redmine | 0.4.0 | - | Affected
Redmine | Redmine | 0.4.1 | - | Affected
Redmine | Redmine | 0.4.2 | - | Affected
Redmine | Redmine | 0.5.0 | - | Affected
Redmine | Redmine | 0.5.1 | - | Affected
Redmine | Redmine | 0.6.0 | - | Affected
Redmine | Redmine | 0.6.1 | - | Affected
Redmine | Redmine | 0.6.2 | - | Affected
Redmine | Redmine | 0.6.3 | - | Affected
Redmine | Redmine | 0.6.4 | - | Affected
Redmine | Redmine | 0.7.0 | - | Affected
Redmine | Redmine | 0.7.0 | rc1 | Affected
Redmine | Redmine | 0.7.1 | - | Affected
Redmine | Redmine | 0.7.2 | - | Affected
Redmine | Redmine | 0.7.3 | - | Affected
Redmine | Redmine | 0.7.4 | - | Affected
Redmine | Redmine | 0.8.0 | - | Affected
Redmine | Redmine | 0.8.0 | rc1 | Affected
Redmine | Redmine | 0.8.1 | - | Affected
Redmine | Redmine | 0.8.2 | - | Affected
Redmine | Redmine | 0.8.3 | - | Affected
Redmine | Redmine | 0.8.4 | - | Affected
Redmine | Redmine | 0.8.5 | - | Affected
Redmine | Redmine | 0.8.6 | - | Affected
Redmine | Redmine | 0.8.7 | - | Affected
Redmine | Redmine | 0.9.0 | - | Affected
Redmine | Redmine | 0.9.1 | - | Affected
Redmine | Redmine | 0.9.2 | - | Affected
Redmine | Redmine | 0.9.3 | - | Affected
Redmine | Redmine | 0.9.4 | - | Affected
Redmine | Redmine | 0.9.5 | - | Affected
Redmine | Redmine | 0.9.6 | - | Affected
Redmine | Redmine | 1.0.0 | - | Affected
Redmine | Redmine | 1.0.1 | - | Affected
Redmine | Redmine | 1.0.2 | - | Affected
Redmine | Redmine | 1.0.3 | - | Affected
Redmine | Redmine | 1.0.4 | - | Affected
Redmine | Redmine | 1.0.5 | - | Affected
Redmine | Redmine | 1.1.0 | - | Affected
Redmine | Redmine | 1.1.1 | - | Affected
Redmine | Redmine | 1.1.2 | - | Affected
Redmine | Redmine | 1.1.3 | - | Affected
Redmine | Redmine | 1.2.0 | - | Affected
Redmine | Redmine | 1.2.1 | - | Affected
Redmine | Redmine | 1.2.2 | - | Affected
Redmine | Redmine | 1.2.3 | - | Affected
Redmine | Redmine | 1.3.0 | - | Affected