ID

VAR-201204-0058


CVE

CVE-2011-5089


TITLE

ICONICS GENESIS32 Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: f069156e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201204-418

DESCRIPTION

Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. Failed exploit attempts will result in a denial-of-service condition.

Trust: 2.07

sources: NVD: CVE-2011-5089 // JVNDB: JVNDB-2011-005041 // BID: 57146 // IVD: f069156e-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: f069156e-2353-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: iconics, model: genesis32, scope: eq, version: 9.2

Trust: 2.7

vendor: iconics, model: genesis32, scope: eq, version: 9.1

Trust: 2.7

vendor: iconics, model: genesis32, scope: eq, version: 9.0

Trust: 2.7

vendor: iconics, model: genesis32, scope: eq, version: 8.05

Trust: 2.7

vendor: iconics, model: bizviz, scope: eq, version: 9.2

Trust: 2.7

vendor: iconics, model: bizviz, scope: eq, version: 9.1

Trust: 2.7

vendor: iconics, model: bizviz, scope: eq, version: 9.0

Trust: 2.7

vendor: iconics, model: bizviz, scope: eq, version: 8.05

Trust: 2.7

vendor: genesis32, model: -, scope: eq, version: 8.05

Trust: 0.2

vendor: genesis32, model: -, scope: eq, version: 9.0

Trust: 0.2

vendor: genesis32, model: -, scope: eq, version: 9.1

Trust: 0.2

vendor: genesis32, model: -, scope: eq, version: 9.2

Trust: 0.2

vendor: bizviz, model: -, scope: eq, version: 8.05

Trust: 0.2

vendor: bizviz, model: -, scope: eq, version: 9.0

Trust: 0.2

vendor: bizviz, model: -, scope: eq, version: 9.1

Trust: 0.2

vendor: bizviz, model: -, scope: eq, version: 9.2

Trust: 0.2

sources: IVD: f069156e-2353-11e6-abef-000c29c66e3d // BID: 57146 // JVNDB: JVNDB-2011-005041 // CNNVD: CNNVD-201204-418 // NVD: CVE-2011-5089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5089
value: HIGH

Trust: 1.0

NVD: CVE-2011-5089
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201204-418
value: CRITICAL

Trust: 0.6

IVD: f069156e-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2011-5089
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: f069156e-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: f069156e-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-005041 // CNNVD: CNNVD-201204-418 // NVD: CVE-2011-5089

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-005041 // NVD: CVE-2011-5089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-418

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: f069156e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201204-418

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005041

PATCH

title: CERT Security Update, url: http://www.iconics.com/certs

Trust: 0.8

sources: JVNDB: JVNDB-2011-005041

EXTERNAL IDS

db: NVD, id: CVE-2011-5089

Trust: 2.9

db: ICS CERT, id: ICSA-11-182-02

Trust: 2.7

db: CNNVD, id: CNNVD-201204-418

Trust: 0.8

db: JVNDB, id: JVNDB-2011-005041

Trust: 0.8

db: BID, id: 57146

Trust: 0.3

db: IVD, id: F069156E-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: f069156e-2353-11e6-abef-000c29c66e3d // BID: 57146 // JVNDB: JVNDB-2011-005041 // CNNVD: CNNVD-201204-418 // NVD: CVE-2011-5089

REFERENCES

url: http://www.us-cert.gov/control_systems/pdf/icsa-11-182-02.pdf

Trust: 2.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/74932

Trust: 1.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5089

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5089

Trust: 0.8

url: http://www.iconics.com/

Trust: 0.3

sources: BID: 57146 // JVNDB: JVNDB-2011-005041 // CNNVD: CNNVD-201204-418 // NVD: CVE-2011-5089

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.3

sources: BID: 57146

SOURCES

db: IVD, id: f069156e-2353-11e6-abef-000c29c66e3d
db: BID, id: 57146
db: JVNDB, id: JVNDB-2011-005041
db: CNNVD, id: CNNVD-201204-418
db: NVD, id: CVE-2011-5089

LAST UPDATE DATE

2024-11-23T22:49:42.749000+00:00


SOURCES UPDATE DATE

db: BID, id: 57146, date: 2015-03-19T08:32:00
db: JVNDB, id: JVNDB-2011-005041, date: 2012-04-20T00:00:00
db: CNNVD, id: CNNVD-201204-418, date: 2012-04-19T00:00:00
db: NVD, id: CVE-2011-5089, date: 2024-11-21T01:33:36.510

SOURCES RELEASE DATE

db: IVD, id: f069156e-2353-11e6-abef-000c29c66e3d, date: 2012-04-19T00:00:00
db: BID, id: 57146, date: 2011-07-01T00:00:00
db: JVNDB, id: JVNDB-2011-005041, date: 2012-04-20T00:00:00
db: CNNVD, id: CNNVD-201204-418, date: 2012-04-19T00:00:00
db: NVD, id: CVE-2011-5089, date: 2012-04-18T17:55:01.213