An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02 | US Government Resource |
http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works | Patch Vendor Advisory |
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02 | US Government Resource |
http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 01:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02 - US Government Resource | |
References | () http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works - Patch, Vendor Advisory |
Information
Published : 2014-02-24 04:48
Updated : 2024-11-21 01:52
NVD link : CVE-2013-2817
Mitre link : CVE-2013-2817
CVE.ORG link : CVE-2013-2817
JSON object : View
Products Affected
mitsubishielectric
- mc-worx_suite
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')