CVE-2011-5088

EUVD-2011-4988
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
iconicsbizviz
9.21
iconicsgenesis32
9.21
𝑥
= Vulnerable software versions
References
http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf