1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Honeywell HSC Remote Deployer CVE-2013-0108

Web Attack: Honeywell HSC Remote Deployer CVE-2013-0108

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote code execution vulnerability in Honeywell HSC Remote Deployer.

Additional Information

Multiple Honeywell Products are prone to a remote code-execution vulnerability because it fails to properly validate user-supplied input submitted to the 'HscRemoteDeploy.dll' Activex control. An attacker can exploit this issue by enticing an unsuspecting user to view a specially crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts likely result in denial-of-service conditions.

Affected

  • Honeywell EBI
  • Honeywell SymmetrE
  • Honeywell CPO-M
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube