What is CVE-2013-0108?

CVE-2013-0108 is a vulnerability in Honeywell Comfortpoint_open_manager_station, classified under Code Injection. Published 2013-02-24.

Is CVE-2013-0108 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Honeywell Comfortpoint_open_manager_station

CVE-2013-0108

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.614 (98.4th percentile) — read the EPSS interpretation.

Affected products

Honeywell Comfortpoint_open_manager_station — versions r100
Honeywell Enterprise_buildings_integrator — versions r310, r400.2, r410.1
Honeywell Symmetre — versions r310, r400.2, r410.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cret@cert.org (US Government Resource, x_refsource_MISC)

Frequently asked questions

What is CVE-2013-0108?: CVE-2013-0108 is a vulnerability in Honeywell Comfortpoint_open_manager_station, classified under Code Injection. Published 2013-02-24.
Is CVE-2013-0108 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.