CVE-2012-3018

Published: Jul 31, 2012Modified: Apr 29, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.

Affected (18)

Products: Iconics: Genesis32, Bizviz

Iconics

2 products

Genesis32

Bizviz

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Iconics Genesis32	Up to 9.22
Iconics Genesis32	Version 8.05
Iconics Genesis32	Version 9.01
Iconics Genesis32	Version 9.0
Iconics Genesis32	Version 9.13
Iconics Genesis32	Version 9.1
Iconics Genesis32	Version 9.20
Iconics Genesis32	Version 9.21
Iconics Genesis32	Version 9.2

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Iconics Bizviz	Up to 9.22
Iconics Bizviz	Version 8.05
Iconics Bizviz	Version 9.01
Iconics Bizviz	Version 9.0
Iconics Bizviz	Version 9.13
Iconics Bizviz	Version 9.1
Iconics Bizviz	Version 9.20
Iconics Bizviz	Version 9.21
Iconics Bizviz	Version 9.2

Related CWEs

CWE-310

References (2)

http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf

Source: ics-cert@hq.dhs.gov

US Government Resource

http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.