Honeywell Multiple Products ActiveX Control Remote Code
Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability
Release Date : 2013-02-25
Criticality level : Highly critical
Impact : System access
Where: From remote
Solution Status : Vendor Patch
Honeywell ComfortPoint Open Manager (CPO-M)
Honeywell Enterprise Buildings Integrator (EBI)
A vulnerability has been reported in multiple Honeywell products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error in the HscRemoteDeploy.dll module. No further information is currently available.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following products:
* Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2
* Honeywell SymmetrE R310, R410.1, and R410.2
* Honeywell ComfortPoint Open Manager (CPO-M) R100
Apply Station Security Update package (please contact the vendor for more information).
Provided and/or discovered by:
ICS-CERT credits Juan Vazquez, Rapid7.
Was this reply helpful? (0) (0)