Honeywell Multiple Products HscRemoteDepoy.dll ActiveX Control Arbitrary Code Execution

medium Nessus Plugin ID 65656

Synopsis

The remote host has an ActiveX control installed that is affected by a remote code execution vulnerability.

Description

The remote host has the Honeywell 'HscRemoteDeploy.dll' ActiveX control, which is affected by a vulnerability in the 'LaunchInstaller()' function that can be utilized to execute arbitrary code by tricking a victim into opening a specially crafted HTML document.

Solution

Disable the affected ActiveX control manually, or contact Honeywell for a fix that disables it.

See Also

https://support.microsoft.com/en-us/help/240797/how-to-stop-an-activex-control-from-running-in-internet-explorer

Plugin Details

Severity: Medium

ID: 65656

File Name: scada_honeywell_hscremotedeploy_activex.nbin

Version: 1.214

Type: local

Family: SCADA

Published: 3/22/2013

Updated: 3/26/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-0108

Vulnerability Information

CPE: cpe:/a:honeywell:enterprise_buildings_integrator

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/22/2013

Vulnerability Publication Date: 2/22/2013

Exploitable With

Core Impact

Metasploit (Honeywell HSC Remote Deployer ActiveX Remote Code Execution)

Reference Information

CVE: CVE-2013-0108

BID: 58134

ICSA: 13-053-02, 13-053-02A