PT-2014-2634 · Mitsubishi · Mitsubishi Electric Automation MC-WorX Suite

Blake · Published 2014-02-24 · Updated 2014-02-24 · CVE-2013-2817

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Automation MC-WorX Suite version 8.02

Description

The issue allows remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. This is made possible by a vulnerability in an ActiveX control in IcoLaunch.dll.

Recommendations

For Mitsubishi Electric Automation MC-WorX Suite version 8.02, consider disabling the vulnerable ActiveX control in IcoLaunch.dll as a temporary workaround until a patch is available. Restrict access to the Login Client button to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-2817

Affected Products

IcoLaunch.dll
Mitsubishi Electric Automation MC-WorX Suite