CVE-2012-3018

EUVD-2012-2996
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
iconicsgenesis32
𝑥
≤ 9.22
iconicsgenesis32
8.05
iconicsgenesis32
9.0
iconicsgenesis32
9.1
iconicsgenesis32
9.01
iconicsgenesis32
9.2
iconicsgenesis32
9.13
iconicsgenesis32
9.20
iconicsgenesis32
9.21
iconicsbizviz
𝑥
≤ 9.22
iconicsbizviz
8.05
iconicsbizviz
9.0
iconicsbizviz
9.01
iconicsbizviz
9.1
iconicsbizviz
9.2
iconicsbizviz
9.13
iconicsbizviz
9.20
iconicsbizviz
9.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf