Mitsubishi MX Component ActiveX Remote Code Execution

High Nessus Plugin ID 66761


The remote host is affected by multiple remote code execution vulnerabilities.


The Mitsubishi MX Component v3 'ActUWzd.dll' ActiveX control was found on the remote host. This control has several methods that are vulnerable to a heap-based buffer overflow. A remote attacker may be able to execute arbitrary code by tricking a victim into opening a specially crafted web page.


Disable the control or upgrade to Mitsubishi MX Component 4.03 or later.

See Also

Plugin Details

Severity: High

ID: 66761

File Name: scada_mitsubishi_mx_component_activex.nbin

Version: $Revision: 1.70 $

Type: local

Family: SCADA

Published: 2013/06/03

Modified: 2018/02/06

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:mitsubishi-automation:mitsubishi_mx_component

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/21

Vulnerability Publication Date: 2013/03/25

Reference Information

CVE: CVE-2013-3075

BID: 58692

OSVDB: 91661

EDB-ID: 24886

ICS-ALERT: 13-091-01