← Back

CVE-2013-0108

nvd nist
Published: Feb 24, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.

Affected (8)

Honeywell
3 products
Enterprise Buildings Integrator
Symmetre
Comfortpoint Open Manager Station
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Honeywell
Enterprise Buildings Integrator
Version r310
Enterprise Buildings Integrator
Version r400.2
Enterprise Buildings Integrator
Version r410.1
Enterprise Buildings Integrator
Version r410.2
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Honeywell
Symmetre
Version r310
Symmetre
Version r400.2
Symmetre
Version r410.1
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Comfortpoint Open Manager Station
Version r100

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

Source: cret@cert.org
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource

Timeline

No history available yet.