Vulnerability-Lookup

CVE-2011-2089 (GCVE-0-2011-2089)

Vulnerability from cvelistv5 – Published: 2011-05-13 17:00 – Updated: 2024-08-06 22:46

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
http://www.security-assessment.com/files/document…	x_refsource_MISC
http://www.osvdb.org/72135	vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/44417	third-party-advisoryx_refsource_SECUNIA
http://www.us-cert.gov/control_systems/pdf/ICSA-1…	x_refsource_MISC
http://www.vupen.com/english/advisories/2011/1174	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/47704	vdb-entryx_refsource_BID
http://www.exploit-db.com/exploits/17240	exploitx_refsource_EXPLOIT-DB
http://www.exploit-db.com/exploits/17269	exploitx_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Date Public

2011-05-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
          },
          {
            "name": "72135",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/72135"
          },
          {
            "name": "44417",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44417"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
          },
          {
            "name": "ADV-2011-1174",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1174"
          },
          {
            "name": "47704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47704"
          },
          {
            "name": "17240",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17240"
          },
          {
            "name": "17269",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17269"
          },
          {
            "name": "webhmi-activex-bo(67267)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
        },
        {
          "name": "72135",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/72135"
        },
        {
          "name": "44417",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44417"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
        },
        {
          "name": "ADV-2011-1174",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1174"
        },
        {
          "name": "47704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47704"
        },
        {
          "name": "17240",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17240"
        },
        {
          "name": "17269",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17269"
        },
        {
          "name": "webhmi-activex-bo(67267)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf",
              "refsource": "MISC",
              "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
            },
            {
              "name": "72135",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/72135"
            },
            {
              "name": "44417",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44417"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
            },
            {
              "name": "ADV-2011-1174",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1174"
            },
            {
              "name": "47704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47704"
            },
            {
              "name": "17240",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17240"
            },
            {
              "name": "17269",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17269"
            },
            {
              "name": "webhmi-activex-bo(67267)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2089",
    "datePublished": "2011-05-13T17:00:00.000Z",
    "dateReserved": "2011-05-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:46:00.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2011-2089",
      "date": "2026-05-30",
      "epss": "0.74625",
      "percentile": "0.98878"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2854F716-ED09-46E8-AF9C-030EADDDB29F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3214375-3D3A-47F9-BE1F-D92102A8C8F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0585FE5D-0FA5-4E13-AA5E-B5714564A14C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E4B6521-EE6D-49FB-B771-830B34613007\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22060866-9121-480B-913A-41616CD94A27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"278C55AD-294C-4D39-8E50-0726CA523A34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E01069E-E059-446B-A0C5-89C37C902D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02BE61E1-12E1-46B3-B725-9A73EAD272B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7784C58-C8CF-4631-8171-67D95595FF79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F303667-A48E-40D2-9C38-C9C2813020AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86628D9D-4270-4571-A57A-17962BC2027D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EFFA7EA-6775-44B8-88ED-D1B6E4AE259A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CDD1388-8FBF-4B3E-854E-B68D3EB6569B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en el m\\u00e9todo SetActiveXGUID en el control VersionInfo ActiveX en GenVersion.dll v8.0.138.0 en el subsistema WebHMI en ICONICS BizViz v9.x anterior a v9.22 y GENESIS32 v9.x anterior a v9.22 permite a atacantes remotos ejecutar c\\u00f3digo de su lecci\\u00f3n a trav\\u00e9s de una cadena larga en el argumento. NOTA: alguno de estos detalles son obtenidos de terceras partes de informaci\\u00f3n\"}]",
      "id": "CVE-2011-2089",
      "lastModified": "2024-11-21T01:27:34.020",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-05-13T17:05:45.643",
      "references": "[{\"url\": \"http://secunia.com/advisories/44417\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17240\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17269\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/72135\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/47704\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1174\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67267\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/44417\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17240\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/72135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/47704\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1174\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2089\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-05-13T17:05:45.643\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en el m\u00e9todo SetActiveXGUID en el control VersionInfo ActiveX en GenVersion.dll v8.0.138.0 en el subsistema WebHMI en ICONICS BizViz v9.x anterior a v9.22 y GENESIS32 v9.x anterior a v9.22 permite a atacantes remotos ejecutar c\u00f3digo de su lecci\u00f3n a trav\u00e9s de una cadena larga en el argumento. NOTA: alguno de estos detalles son obtenidos de terceras partes de informaci\u00f3n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2854F716-ED09-46E8-AF9C-030EADDDB29F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3214375-3D3A-47F9-BE1F-D92102A8C8F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0585FE5D-0FA5-4E13-AA5E-B5714564A14C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E4B6521-EE6D-49FB-B771-830B34613007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22060866-9121-480B-913A-41616CD94A27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"278C55AD-294C-4D39-8E50-0726CA523A34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E01069E-E059-446B-A0C5-89C37C902D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02BE61E1-12E1-46B3-B725-9A73EAD272B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7784C58-C8CF-4631-8171-67D95595FF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F303667-A48E-40D2-9C38-C9C2813020AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86628D9D-4270-4571-A57A-17962BC2027D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EFFA7EA-6775-44B8-88ED-D1B6E4AE259A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CDD1388-8FBF-4B3E-854E-B68D3EB6569B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/44417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/17240\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/17269\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/72135\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/47704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/1174\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67267\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/17240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/17269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/72135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/47704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/1174\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2011-2089

Vulnerability from fkie_nvd - Published: 2011-05-13 17:05 - Updated: 2026-04-29 01:13

Severity

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/44417	Vendor Advisory
cve@mitre.org	http://www.exploit-db.com/exploits/17240	Exploit
cve@mitre.org	http://www.exploit-db.com/exploits/17269	Exploit
cve@mitre.org	http://www.osvdb.org/72135
cve@mitre.org	http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/47704	Exploit
cve@mitre.org	http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1174	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/67267
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44417	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/17240	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/17269	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/72135
af854a3a-2127-422b-91ae-364da2661108	http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47704	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1174	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67267

Impacted products

Vendor	Product	Version
iconics	bizviz	9.0
iconics	bizviz	9.01
iconics	bizviz	9.1
iconics	bizviz	9.2
iconics	bizviz	9.13
iconics	bizviz	9.20
iconics	bizviz	9.21
iconics	genesis32	9.0
iconics	genesis32	9.1
iconics	genesis32	9.01
iconics	genesis32	9.2
iconics	genesis32	9.13
iconics	genesis32	9.20
iconics	genesis32	9.21

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2854F716-ED09-46E8-AF9C-030EADDDB29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3214375-3D3A-47F9-BE1F-D92102A8C8F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585FE5D-0FA5-4E13-AA5E-B5714564A14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4B6521-EE6D-49FB-B771-830B34613007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "22060866-9121-480B-913A-41616CD94A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "278C55AD-294C-4D39-8E50-0726CA523A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4F2D10-A4DD-4C7C-A5A8-BEDC23A413C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E01069E-E059-446B-A0C5-89C37C902D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02BE61E1-12E1-46B3-B725-9A73EAD272B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7784C58-C8CF-4631-8171-67D95595FF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F303667-A48E-40D2-9C38-C9C2813020AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86628D9D-4270-4571-A57A-17962BC2027D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EFFA7EA-6775-44B8-88ED-D1B6E4AE259A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CDD1388-8FBF-4B3E-854E-B68D3EB6569B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en el m\u00e9todo SetActiveXGUID en el control VersionInfo ActiveX en GenVersion.dll v8.0.138.0 en el subsistema WebHMI en ICONICS BizViz v9.x anterior a v9.22 y GENESIS32 v9.x anterior a v9.22 permite a atacantes remotos ejecutar c\u00f3digo de su lecci\u00f3n a trav\u00e9s de una cadena larga en el argumento. NOTA: alguno de estos detalles son obtenidos de terceras partes de informaci\u00f3n"
    }
  ],
  "id": "CVE-2011-2089",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-13T17:05:45.643",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17240"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17269"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/72135"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/47704"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1174"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/72135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/47704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V47W-64G8-GGFH

Vulnerability from github – Published: 2022-05-17 01:55 – Updated: 2022-05-17 01:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2089"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-05-13T17:05:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-v47w-64g8-ggfh",
  "modified": "2022-05-17T01:55:46Z",
  "published": "2022-05-17T01:55:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2089"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44417"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/17240"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/17269"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/72135"
    },
    {
      "type": "WEB",
      "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47704"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/1174"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-2089

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2089

Aliases

CVE-2011-2089

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2089",
    "description": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2011-2089"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2089"
      ],
      "details": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2011-2089",
      "modified": "2023-12-13T01:19:06.492237Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-2089",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf",
            "refsource": "MISC",
            "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
          },
          {
            "name": "72135",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/72135"
          },
          {
            "name": "44417",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44417"
          },
          {
            "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf",
            "refsource": "MISC",
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
          },
          {
            "name": "ADV-2011-1174",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/1174"
          },
          {
            "name": "47704",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/47704"
          },
          {
            "name": "17240",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/17240"
          },
          {
            "name": "17269",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/17269"
          },
          {
            "name": "webhmi-activex-bo(67267)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2089"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-1174",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1174"
            },
            {
              "name": "72135",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/72135"
            },
            {
              "name": "47704",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/47704"
            },
            {
              "name": "17240",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/17240"
            },
            {
              "name": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf"
            },
            {
              "name": "17269",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/17269"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf",
              "refsource": "MISC",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf"
            },
            {
              "name": "44417",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44417"
            },
            {
              "name": "webhmi-activex-bo(67267)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:29Z",
      "publishedDate": "2011-05-13T17:05Z"
    }
  }
}

ICSA-11-131-01

Vulnerability from csaf_cisa - Published: 2011-02-11 07:00 - Updated: 2025-06-09 17:27

Summary

ICONICS GENESIS32 and BizViz ActiveX Stack Overflow

Notes

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

CVE-2011-2089

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
ICONICS GENESIS32: >=9\|<=9.21 ICONICS / GENESIS32		>=9\|<=9.21	Mitigation fix Mitigation fix Mitigation fix
ICONICS BizViz: >=9\|<=9.21 ICONICS / BizViz		>=9\|<=9.21	Mitigation fix Mitigation fix Mitigation fix

References

10 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
https://www.cisa.gov/uscert/sites/default/files/p…	external
https://www.cisa.gov/uscert/ncas/tips/ST04-014	external

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-11-131-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2011/icsa-11-131-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-11-131-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-11-131-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "ICONICS GENESIS32 and BizViz ActiveX Stack Overflow",
    "tracking": {
      "current_release_date": "2025-06-09T17:27:30.000102Z",
      "generator": {
        "date": "2025-06-09T17:27:29.999996Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-11-131-01",
      "initial_release_date": "2011-02-11T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2011-02-11T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-09T17:27:30.000102Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=9|\u003c=9.21",
                "product": {
                  "name": "ICONICS GENESIS32: \u003e=9|\u003c=9.21",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "GENESIS32"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=9|\u003c=9.21",
                "product": {
                  "name": "ICONICS BizViz: \u003e=9|\u003c=9.21",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "BizViz"
          }
        ],
        "category": "vendor",
        "name": "ICONICS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-2089",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "ICONICS has released a patch that addresses this vulnerability for each of the affected products. ICONICS recommends that users of GENESIS32 and BizViz install the patch entitled \u201cWebHMI V9.21 Patch.\u201d (http://iconics.com/certs) ICONICS also plans to address this vulnerability in the upcoming version 9.22 update of GENESIS32 and BizViz. ICONICS expects this update to be available in June 2011.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://iconics.com/certs"
        },
        {
          "category": "mitigation",
          "details": "ICONICS has updated their \u201cWhitepaper on Security Vulnerabilities\u201d (http://iconics.com/certs) to include details of this vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://iconics.com/certs"
        },
        {
          "category": "mitigation",
          "details": "For additional product support, users can contact ICONICS by phone at (508) 543-8600 or by e-mail at (mailto:support@iconics.com).",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "mailto:support@iconics.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

VAR-201105-0146

Vulnerability from variot - Updated: 2023-12-18 14:02

Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the 'GenVersion.dll' ActiveX control. Failed exploit attempts will result in a denial-of-service condition. "SetActiveXGUID()" method (GenVersion.dll) There is a boundary error. ----------------------------------------------------------------------

Secunia is hiring!

http://secunia.com/company/jobs/

TITLE: ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA44417

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44417

RELEASE DATE: 2011-05-04

DISCUSS ADVISORY: http://secunia.com/advisories/44417/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/44417/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=44417

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been discovered in ICONICS VersionInfo ActiveX control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is confirmed in GenVersion.dll version 8.0.138.0. Other versions may also be affected.

SOLUTION: Update to a fixed version. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: Scott Bell and Blair Strang, Security-Assessment.com

ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0146",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.20"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.13"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.01"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.0"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.2"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "iconics",
        "version": "9.1"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.21"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.20"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.13"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "9.01"
      },
      {
        "model": "bizviz",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "iconics",
        "version": "9.x"
      },
      {
        "model": "bizviz",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "iconics",
        "version": "9.22"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iconics",
        "version": "9.x"
      },
      {
        "model": "versioninfo activex control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iconics",
        "version": "8.x"
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iconics",
        "version": "10.x"
      },
      {
        "model": "pacis sui rc7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.1"
      },
      {
        "model": "pacis sui rc6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.1"
      },
      {
        "model": "webhmi activex control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "iconics",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.01"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "bizviz",
        "version": "9.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.01"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "genesis32",
        "version": "9.21"
      },
      {
        "model": "genesis32",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "9.x*"
      },
      {
        "model": "versioninfo activex control",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "8.x*"
      },
      {
        "model": "genesis64",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iconics",
        "version": "10.x*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Scott Bell \u0026 Blair Strang",
    "sources": [
      {
        "db": "BID",
        "id": "47704"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-2089",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-2089",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "f780befa-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
            "version": "2.0 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-2089",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201105-169",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "f780befa-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information. GENESIS32/64 is a new generation of industrial control software developed by ICONICS of the United States. Successful exploitation of a vulnerability can execute arbitrary code in an application security context. The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the \u0027GenVersion.dll\u0027 ActiveX control. Failed exploit attempts will result in a denial-of-service condition. \"SetActiveXGUID()\" method (GenVersion.dll) There is a boundary error. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA44417\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44417/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44417/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44417/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in ICONICS VersionInfo ActiveX\ncontrol, which can be exploited by malicious people to compromise a\nuser\u0027s system. \n\nThe vulnerability is confirmed in GenVersion.dll version 8.0.138.0. \nOther versions may also be affected. \n\nSOLUTION:\nUpdate to a fixed version. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nScott Bell and Blair Strang, Security-Assessment.com\n\nORIGINAL ADVISORY:\nhttp://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "44417",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "47704",
        "trust": 2.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-131-01",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "72135",
        "trust": 2.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17269",
        "trust": 1.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17240",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-1174",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "67267",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "F780BEFA-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "30D8DBBE-1F96-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "101133",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "id": "VAR-201105-0146",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      }
    ],
    "trust": 1.7413905
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:02:12.822000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Hot Fixes",
        "trust": 0.8,
        "url": "http://www.iconics.com/home/support/hot-fixes.aspx"
      },
      {
        "title": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/3787"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-131-01.pdf"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/44417"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/47704"
      },
      {
        "trust": 2.0,
        "url": "http://www.security-assessment.com/files/documents/advisory/iconics_webhmi.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/17240"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/17269"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/72135"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2011/1174"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/67267"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67267"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2089"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2089"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/72135"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/44417/http"
      },
      {
        "trust": 0.3,
        "url": "http://download.schneider-electric.com/files?p_file_id=320329939"
      },
      {
        "trust": 0.3,
        "url": "http://www.iconics.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44417/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44417"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44417/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "db": "BID",
        "id": "47704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-16T00:00:00",
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-05-05T00:00:00",
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-05-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "date": "2011-05-03T00:00:00",
        "db": "BID",
        "id": "47704"
      },
      {
        "date": "2011-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "date": "2011-05-05T06:57:34",
        "db": "PACKETSTORM",
        "id": "101133"
      },
      {
        "date": "2011-05-13T17:05:45.643000",
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "date": "2011-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      },
      {
        "date": "2015-04-13T21:01:00",
        "db": "BID",
        "id": "47704"
      },
      {
        "date": "2011-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001794"
      },
      {
        "date": "2017-08-29T01:29:16.080000",
        "db": "NVD",
        "id": "CVE-2011-2089"
      },
      {
        "date": "2011-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ICONICS VersionInfo ActiveX Control Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "f780befa-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "30d8dbbe-1f96-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-169"
      }
    ],
    "trust": 1.0
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2089 (GCVE-0-2011-2089)

FKIE_CVE-2011-2089

GHSA-V47W-64G8-GGFH

GSD-2011-2089

ICSA-11-131-01

VAR-201105-0146

Tags

Sightings

Nomenclature