CVE-2013-0108

{"id": "CVE-2013-0108", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-02-24T11:48:21.407", "references": [{"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document."}, {"lang": "es", "value": "Vulnerabilidad en el control activeX en HscRemoteDeploy.dll en Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, y R410.2; SymmetrE R310, R410.1, y R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; y los paquetes de los clientes HMIWeb Browser, permiten a atacantes remotos ejecutar c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado."}], "lastModified": "2013-02-25T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:honeywell:enterprise_buildings_integrator:r310:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "637E3025-7431-4DD4-8BE1-8DE8D3669EB7"}, {"criteria": "cpe:2.3:a:honeywell:enterprise_buildings_integrator:r400.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2420B288-F58B-41E8-B160-C9D718DE17D0"}, {"criteria": "cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B7AC9E8-827F-489C-80A2-75518679CF3E"}, {"criteria": "cpe:2.3:a:honeywell:enterprise_buildings_integrator:r410.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53F8C4D1-9D6B-4008-AEBC-5DD2FF9A5D17"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:honeywell:symmetre:r310:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B9D509F-F181-4A10-951C-8450EC876217"}, {"criteria": "cpe:2.3:a:honeywell:symmetre:r400.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2769FA60-966D-4D28-8FF0-50D8F13DB308"}, {"criteria": "cpe:2.3:a:honeywell:symmetre:r410.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "157923CF-52A2-4F5E-B5DA-26E875CBA4B8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:honeywell:comfortpoint_open_manager_station:r100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "171E2474-1234-4F75-97F1-55DE7F17564C"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}