Details of VAR-E-201103-0416

ID

VAR-E-201103-0416

TITLE

Iconics GENESIS32 and GENESIS64 Multiple Security Vulnerabilities

Trust: 0.3

sources: BID: 46939

DESCRIPTION

Iconics GENESIS32 and GENESIS64 are prone to multiple security vulnerabilities including multiple memory-corruption vulnerabilities and multiple integer-overflow vulnerabilities because they fail to properly validate user-supplied input.
Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.
The following versions are vulnerable; other versions may also be affected:
GENESIS32 9.21
GENESIS64 10.51

Trust: 0.3

sources: BID: 46939

AFFECTED PRODUCTS

vendor:	iconics	model:	genesis64	scope:	eq	version:	10.51	Trust: 0.3
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.21.201.01	Trust: 0.3
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.21	Trust: 0.3

sources: BID: 46939

EXPLOIT

The following exploit code and proofs of concept are available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/46939_1.zip">/data/vulnerabilities/exploits/46939_1.zip</a></li>
<li><a href="/data/vulnerabilities/exploits/46939_2.zip">/data/vulnerabilities/exploits/46939_2.zip</a></li>
<li><a href="/data/vulnerabilities/exploits/46939.rb">/data/vulnerabilities/exploits/46939.rb</a></li>

Trust: 0.3

sources: BID: 46939

PRICE

Free

Trust: 0.3

sources: BID: 46939

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 46939

CREDITS

Luigi Auriemma

Trust: 0.3

sources: BID: 46939

EXTERNAL IDS

db:

BID

id:

46939

Trust: 0.3

sources: BID: 46939

REFERENCES

url:	http://aluigi.org/adv/genesis_10-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_5-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_9-adv.txt	Trust: 0.3
url:	http://www.iconics.com/home/products/hmi-and-scada/genesis64.aspx	Trust: 0.3
url:	http://aluigi.org/adv/genesis_8-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_1-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_4-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_11-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_2-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_12-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_6-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_3-adv.txt	Trust: 0.3
url:	http://www.iconics.com/home/products/hmi-and-scada/genesis32.aspx	Trust: 0.3
url:	http://aluigi.org/adv/genesis_13-adv.txt	Trust: 0.3
url:	http://aluigi.org/adv/genesis_7-adv.txt	Trust: 0.3

sources: BID: 46939

SOURCES

db:

BID

id:

46939

LAST UPDATE DATE

2022-07-27T09:52:27.474000+00:00

SOURCES UPDATE DATE

db:

BID

id:

46939

date:

2015-03-19T09:13:00

SOURCES RELEASE DATE

db:

BID

id:

46939

date:

2011-03-21T00:00:00