Vulnerability Details : CVE-2013-0108
Public exploit exists!
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.
Vulnerability category: Execute code
Products affected by CVE-2013-0108
- cpe:2.3:a:honeywell:enterprise_buildings_integrator:r400.2:*:*:*:*:*:*:*
- cpe:2.3:a:honeywell:enterprise_buildings_integrator:r310:*:*:*:*:*:*:*
- cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.1:*:*:*:*:*:*:*
- cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.2:*:*:*:*:*:*:*
- cpe:2.3:a:honeywell:symmetre:r410.1:*:*:*:*:*:*:*
- cpe:2.3:a:honeywell:symmetre:r310:*:*:*:*:*:*:*
- cpe:2.3:a:honeywell:symmetre:r400.2:*:*:*:*:*:*:*
- cpe:2.3:a:honeywell:comfortpoint_open_manager_station:r100:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0108
- EPSS score: 91.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2013-0108
- Honeywell HSC Remote Deployer ActiveX Remote Code Execution
  - Disclosure Date: 2013-02-22
  - First seen: 2020-04-26
  - Module: exploit/windows/browser/honeywell_hscremotedeploy_exec
  - This module exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This module has been tested successfully with the H
CVSS scores for CVE-2013-0108
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2013-0108
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0108
- http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf
  404 - File Not Found | CISA (US Government Resource)