You are here

V-099: Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability

February 26, 2013 - 12:26am

Addthis

PROBLEM:

Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability

PLATFORM:

Honeywell ComfortPoint Open Manager (CPO-M)
Honeywell Enterprise Buildings Integrator (EBI)
Honeywell SymmetrE

ABSTRACT:

A vulnerability has been reported in multiple Honeywell products

REFERENCE LINKS:

Secunia Advisory SA52389
ICSA-13-053-02
CVE-2013-0108

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The vulnerability is caused due to an unspecified error in the HscRemoteDeploy.dll module.

No further information is currently available.

Successful exploitation may allow execution of arbitrary code.

IMPACT:

A vulnerability in multiple Honeywell products can be exploited by malicious people to compromise a vulnerable system.

SOLUTION:

Apply Station Security Update package .

Addthis