CVE-2011-5088

Name of the Vulnerable Software and Affected Versions ICONICS GENESIS32 version 9.21 ICONICS BizViz version 9.21

Description The issue allows remote attackers to execute arbitrary code via a crafted web site, related to the configuration of the trusted zone based on user input in the GENESIS32 IcoSetServer ActiveX control. This is specifically tied to the Workbench32/WebHMI component SetTrustedZone Policy.

Recommendations For ICONICS GENESIS32 version 9.21, consider disabling the GENESIS32 IcoSetServer ActiveX control until a patch is available. For ICONICS BizViz version 9.21, restrict access to the Workbench32/WebHMI component to minimize the risk of exploitation.