An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02 | US Government Resource |
http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works | Patch Vendor Advisory |
Configurations
Information
Published : 2014-02-23 20:48
Updated : 2014-02-24 10:48
NVD link : CVE-2013-2817
Mitre link : CVE-2013-2817
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
mitsubishielectric
- mc-worx_suite