Details of VAR-201105-0146

ID

VAR-201105-0146

CVE

CVE-2011-2089

TITLE

ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 30d8dbbe-1f96-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1744

DESCRIPTION

Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the 'GenVersion.dll' ActiveX control. Failed exploit attempts will result in a denial-of-service condition. "SetActiveXGUID()" method (GenVersion.dll) There is a boundary error. ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44417 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44417 RELEASE DATE: 2011-05-04 DISCUSS ADVISORY: http://secunia.com/advisories/44417/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44417/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44417 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ICONICS VersionInfo ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in GenVersion.dll version 8.0.138.0. Other versions may also be affected. SOLUTION: Update to a fixed version. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Scott Bell and Blair Strang, Security-Assessment.com ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2011-2089 // JVNDB: JVNDB-2011-001794 // CNVD: CNVD-2011-1744 // BID: 47704 // IVD: f780befa-2354-11e6-abef-000c29c66e3d // IVD: 30d8dbbe-1f96-11e6-abef-000c29c66e3d // PACKETSTORM: 101133

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: f780befa-2354-11e6-abef-000c29c66e3d // IVD: 30d8dbbe-1f96-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1744

AFFECTED PRODUCTS

vendor:	iconics	model:	bizviz	scope:	eq	version:	9.1	Trust: 1.6
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.01	Trust: 1.6
vendor:	iconics	model:	bizviz	scope:	eq	version:	9.2	Trust: 1.6
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.13	Trust: 1.6
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.20	Trust: 1.6
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.1	Trust: 1.6
vendor:	iconics	model:	bizviz	scope:	eq	version:	9.0	Trust: 1.6
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.2	Trust: 1.6
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.21	Trust: 1.6
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.0	Trust: 1.6
vendor:	iconics	model:	bizviz	scope:	eq	version:	9.13	Trust: 1.0
vendor:	iconics	model:	bizviz	scope:	eq	version:	9.21	Trust: 1.0
vendor:	iconics	model:	bizviz	scope:	eq	version:	9.01	Trust: 1.0
vendor:	iconics	model:	bizviz	scope:	eq	version:	9.20	Trust: 1.0
vendor:	iconics	model:	bizviz	scope:	eq	version:	9.x	Trust: 0.8
vendor:	iconics	model:	bizviz	scope:	lt	version:	9.22	Trust: 0.8
vendor:	iconics	model:	genesis32	scope:	lt	version:	9.22	Trust: 0.8
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.x	Trust: 0.6
vendor:	iconics	model:	versioninfo activex control	scope:	eq	version:	8.x	Trust: 0.6
vendor:	iconics	model:	genesis64	scope:	eq	version:	10.x	Trust: 0.6
vendor:	schneider electric	model:	pacis sui rc7	scope:	eq	version:	1.1	Trust: 0.3
vendor:	schneider electric	model:	pacis sui rc6	scope:	eq	version:	1.1	Trust: 0.3
vendor:	iconics	model:	webhmi activex control	scope:	eq	version:	0	Trust: 0.3
vendor:	bizviz	model:	-	scope:	eq	version:	9.0	Trust: 0.2
vendor:	bizviz	model:	-	scope:	eq	version:	9.01	Trust: 0.2
vendor:	bizviz	model:	-	scope:	eq	version:	9.1	Trust: 0.2
vendor:	bizviz	model:	-	scope:	eq	version:	9.2	Trust: 0.2
vendor:	bizviz	model:	-	scope:	eq	version:	9.13	Trust: 0.2
vendor:	bizviz	model:	-	scope:	eq	version:	9.20	Trust: 0.2
vendor:	bizviz	model:	-	scope:	eq	version:	9.21	Trust: 0.2
vendor:	genesis32	model:	-	scope:	eq	version:	9.0	Trust: 0.2
vendor:	genesis32	model:	-	scope:	eq	version:	9.01	Trust: 0.2
vendor:	genesis32	model:	-	scope:	eq	version:	9.1	Trust: 0.2
vendor:	genesis32	model:	-	scope:	eq	version:	9.2	Trust: 0.2
vendor:	genesis32	model:	-	scope:	eq	version:	9.13	Trust: 0.2
vendor:	genesis32	model:	-	scope:	eq	version:	9.20	Trust: 0.2
vendor:	genesis32	model:	-	scope:	eq	version:	9.21	Trust: 0.2
vendor:	iconics	model:	genesis32	scope:	eq	version:	9.x*	Trust: 0.2
vendor:	iconics	model:	versioninfo activex control	scope:	eq	version:	8.x*	Trust: 0.2
vendor:	iconics	model:	genesis64	scope:	eq	version:	10.x*	Trust: 0.2

sources: IVD: f780befa-2354-11e6-abef-000c29c66e3d // IVD: 30d8dbbe-1f96-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1744 // BID: 47704 // JVNDB: JVNDB-2011-001794 // CNNVD: CNNVD-201105-169 // NVD: CVE-2011-2089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2089
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-2089
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201105-169
value:	CRITICAL
Trust: 0.6
IVD:	f780befa-2354-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	30d8dbbe-1f96-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2011-2089
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	f780befa-2354-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	30d8dbbe-1f96-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0 [IVD]
Trust: 0.2

sources: IVD: f780befa-2354-11e6-abef-000c29c66e3d // IVD: 30d8dbbe-1f96-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-001794 // CNNVD: CNNVD-201105-169 // NVD: CVE-2011-2089

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-001794 // NVD: CVE-2011-2089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201105-169

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: f780befa-2354-11e6-abef-000c29c66e3d // IVD: 30d8dbbe-1f96-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201105-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001794

PATCH

title:	Hot Fixes	url:	http://www.iconics.com/Home/Support/Hot-Fixes.aspx	Trust: 0.8
title:	ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/3787	Trust: 0.6

sources: CNVD: CNVD-2011-1744 // JVNDB: JVNDB-2011-001794

EXTERNAL IDS

db:	SECUNIA	id:	44417	Trust: 3.1
db:	NVD	id:	CVE-2011-2089	Trust: 2.9
db:	BID	id:	47704	Trust: 2.7
db:	ICS CERT	id:	ICSA-11-131-01	Trust: 2.4
db:	OSVDB	id:	72135	Trust: 2.4
db:	VUPEN	id:	ADV-2011-1174	Trust: 1.6
db:	EXPLOIT-DB	id:	17269	Trust: 1.6
db:	EXPLOIT-DB	id:	17240	Trust: 1.6
db:	XF	id:	67267	Trust: 1.4
db:	CNNVD	id:	CNNVD-201105-169	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1744	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-001794	Trust: 0.8
db:	IVD	id:	F780BEFA-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	30D8DBBE-1F96-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	101133	Trust: 0.1

sources: IVD: f780befa-2354-11e6-abef-000c29c66e3d // IVD: 30d8dbbe-1f96-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1744 // BID: 47704 // JVNDB: JVNDB-2011-001794 // PACKETSTORM: 101133 // CNNVD: CNNVD-201105-169 // NVD: CVE-2011-2089

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-131-01.pdf	Trust: 2.4
url:	http://secunia.com/advisories/44417	Trust: 2.4
url:	http://www.securityfocus.com/bid/47704	Trust: 2.4
url:	http://www.security-assessment.com/files/documents/advisory/iconics_webhmi.pdf	Trust: 2.0
url:	http://www.vupen.com/english/advisories/2011/1174	Trust: 1.6
url:	http://www.osvdb.org/72135	Trust: 1.6
url:	http://www.exploit-db.com/exploits/17269	Trust: 1.6
url:	http://www.exploit-db.com/exploits/17240	Trust: 1.6
url:	http://xforce.iss.net/xforce/xfdb/67267	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/67267	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2089	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2089	Trust: 0.8
url:	http://osvdb.org/72135	Trust: 0.8
url:	http://secunia.com/advisories/44417/http	Trust: 0.6
url:	http://download.schneider-electric.com/files?p_file_id=320329939	Trust: 0.3
url:	http://www.iconics.com/	Trust: 0.3
url:	http://secunia.com/advisories/44417/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44417	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/44417/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2011-1744 // BID: 47704 // JVNDB: JVNDB-2011-001794 // PACKETSTORM: 101133 // CNNVD: CNNVD-201105-169 // NVD: CVE-2011-2089

CREDITS

Scott Bell & Blair Strang

Trust: 0.3

sources: BID: 47704

SOURCES

db:	IVD	id:	f780befa-2354-11e6-abef-000c29c66e3d
db:	IVD	id:	30d8dbbe-1f96-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-1744
db:	BID	id:	47704
db:	JVNDB	id:	JVNDB-2011-001794
db:	PACKETSTORM	id:	101133
db:	CNNVD	id:	CNNVD-201105-169
db:	NVD	id:	CVE-2011-2089

LAST UPDATE DATE

2024-11-23T22:39:16.222000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1744	date:	2011-05-05T00:00:00
db:	BID	id:	47704	date:	2015-04-13T21:01:00
db:	JVNDB	id:	JVNDB-2011-001794	date:	2011-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201105-169	date:	2011-05-16T00:00:00
db:	NVD	id:	CVE-2011-2089	date:	2024-11-21T01:27:34.020

SOURCES RELEASE DATE

db:	IVD	id:	f780befa-2354-11e6-abef-000c29c66e3d	date:	2011-05-16T00:00:00
db:	IVD	id:	30d8dbbe-1f96-11e6-abef-000c29c66e3d	date:	2011-05-05T00:00:00
db:	CNVD	id:	CNVD-2011-1744	date:	2011-05-05T00:00:00
db:	BID	id:	47704	date:	2011-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2011-001794	date:	2011-06-29T00:00:00
db:	PACKETSTORM	id:	101133	date:	2011-05-05T06:57:34
db:	CNNVD	id:	CNNVD-201105-169	date:	2011-05-16T00:00:00
db:	NVD	id:	CVE-2011-2089	date:	2011-05-13T17:05:45.643