CVE-2012-0254
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cret@cert.org — https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| honeywell | enterprise_building_manager | r400 | |
| honeywell | enterprise_building_manager | r410.1 | |
| honeywell | experion | r200 | |
| honeywell | experion | r300 | |
| honeywell | experion | r310 | |
| honeywell | experion | r400.0 | |
| honeywell | symmetre | r410.1 | |
References
CWEs
CWE-787