PT-2012-2441 · Honeywell Environmental Combustion Controls+2 · Symmetre+2
Published
2012-09-08
·
Updated
2022-02-03
·
CVE-2012-0254
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Honeywell Process Solutions (HPS) Experion versions R2xx through R400.x
Honeywell Building Solutions (HBS) Enterprise Building Manager versions R400 through R410.1
Honeywell Environmental Combustion and Controls (ECC) SymmetrE version R410.1
Description
A stack-based buffer overflow issue exists in the HMIWeb Browser HSCDSPRenderDLL ActiveX control. This allows remote attackers to execute arbitrary code via unspecified vectors.
Recommendations
For Honeywell Process Solutions (HPS) Experion versions R2xx through R400.x, update to a version that includes a fix for the HSCDSPRenderDLL ActiveX control issue.
For Honeywell Building Solutions (HBS) Enterprise Building Manager versions R400 through R410.1, update to a version that includes a fix for the HSCDSPRenderDLL ActiveX control issue.
For Honeywell Environmental Combustion and Controls (ECC) SymmetrE version R410.1, update to a version that includes a fix for the HSCDSPRenderDLL ActiveX control issue.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Enterprise Building Manager
Experion
Symmetre