CVE-2013-0108

Name of the Vulnerable Software and Affected Versions Honeywell Enterprise Buildings Integrator versions R310, R400.2, R410.1, R410.2 SymmetrE versions R310, R410.1, R410.2 ComfortPoint Open Manager Station version R100 HMIWeb Browser client packages (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code via a crafted HTML document, due to a flaw in an ActiveX control in HscRemoteDeploy.dll.

Recommendations For Honeywell Enterprise Buildings Integrator versions R310, R400.2, R410.1, R410.2, update to a version that includes a fix for the ActiveX control vulnerability in HscRemoteDeploy.dll. For SymmetrE versions R310, R410.1, R410.2, update to a version that includes a fix for the ActiveX control vulnerability in HscRemoteDeploy.dll. For ComfortPoint Open Manager Station version R100, update to a version that includes a fix for the ActiveX control vulnerability in HscRemoteDeploy.dll. For HMIWeb Browser client packages, at the moment, there is no information about a newer version that contains a fix for this vulnerability.