CVE-2011-5088

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

T

he GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."

References

Link	Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf	US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:iconics:bizviz:9.21:::::::*
	cpe:2.3:a:iconics:genesis32:9.21:::::::*

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf - US Government Resource~~	() http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf - US Government Resource

Information

Published : 2012-04-18 17:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-5088

Mitre link : CVE-2011-5088

CVE.ORG link : CVE-2011-5088

JSON object : View

Products Affected

CWE

NVD-CWE-Other

{"id": "CVE-2011-5088", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-04-18T17:55:01.167", "references": [{"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf", "tags": ["US Government Resource"], "source": "[email protected]"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""}, {"lang": "es", "value": "El control ActiveX GENESIS32 IcoSetServer en ICONICS GENESIS32 v9.21 y BizViz v9.21 configura la zona de confianza sobre la base de datos del usuario, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web modificado, relaci\u00f3nado con una \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2"}, {"criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}