CVE-2013-2817

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02	US Government Resource
http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mitsubishielectric:mc-worx_suite:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-02-24 04:48

Updated : 2024-02-04 18:35

NVD link : CVE-2013-2817

Mitre link : CVE-2013-2817

CVE.ORG link : CVE-2013-2817

JSON object : View

Products Affected

mitsubishielectric

mc-worx_suite

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.3 /10