Release date:
Updated on:
Affected Systems:
ICONICS GENESIS32 8.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65706
CVE (CAN) ID: CVE-2014-0758
ICONICS GENESIS32 is a SCADA product used in commercial facilities, energy, food, agriculture, medical care, and water conservancy.
The ActiveX controls used by the genlaunch.htm files of GENESIS32 8.0, 8.02, 8.04, and 8.05 are insecure. A remote attacker who tricks a user into browsing a malicious webpage can exploit this vulnerability to execute arbitrary code, without needing authentication or privilege escalation.
<* Source: NCCIC/ICS-CERT
Link: http://www.securelist.com/en/advisories/57034
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ICONICS
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.iconics.com/