Genesis32
CVE-2014-0758
CRITICAL
Severity by source
AV:N/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
AnalysisAI
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-749. An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. Affected products include: Iconics Genesis32.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to i
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.2
Same weakness CWE-749 – Exposed Dangerous Method or Function
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today