CVE-2013-2817

critical

Published 2014-02-24 · Modified 2026-04-29

CVSS v3

—

CVSS v2

9.3

VIR risk

9.3

Description

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works

Application impact

Vendor	Product	Versions	Fixed
mitsubishielectric	mc-worx_suite	`{"endIncluding":"8.02"}`

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02
http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02
http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.