Genesis32
CVE-2012-3018
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
AnalysisAI
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an. Rated medium severity (CVSS 4.4). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-310. The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. Affected products include: Iconics Genesis32, Iconics Bizviz.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute ar
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to i
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today