PT-2012-2066 · Iconics+1 · Iconics Bizviz+2

Published

2012-04-18

Updated

2012-04-19

CVE-2011-5088

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ICONICS GENESIS32 version 9.21 ICONICS BizViz version 9.21

Description The issue allows remote attackers to execute arbitrary code via a crafted web site, related to the configuration of the trusted zone based on user input in the GENESIS32 IcoSetServer ActiveX control. This is specifically tied to the Workbench32/WebHMI component SetTrustedZone Policy.

Recommendations For ICONICS GENESIS32 version 9.21, consider disabling the GENESIS32 IcoSetServer ActiveX control until a patch is available. For ICONICS BizViz version 9.21, restrict access to the Workbench32/WebHMI component to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-5088

Affected Products

Activex

Iconics Bizviz

Iconics Genesis32

PT-2012-2066 · Iconics+1 · Iconics Bizviz+2

CVE-2011-5088

Related Identifiers

Affected Products

References · 2