CVE-2014-0758

Published: Feb 24, 2014Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.

Affected (4)

Products: Iconics: Genesis32

Iconics

1 product

Genesis32

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Iconics Genesis32	Version 8.02
Iconics Genesis32	Version 8.04
Iconics Genesis32	Version 8.05
Iconics Genesis32	Version 8.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-749

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-14-051-01

Source: ics-cert@hq.dhs.gov

http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.