Main Vulnerability Database Vulnerabilities #VU43775

Cryptographic issues in GENESIS32 and BizViz - CVE-2012-3018

Published: July 31, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43775

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-3018

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ICONICS, Inc.

Affected software:
GENESIS32
BizViz

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.

How to mitigate CVE-2012-3018

Install update from vendor's website.

Sources

http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf

Cryptographic issues in GENESIS32 and BizViz - CVE-2012-3018

Detailed vulnerability description

How to mitigate CVE-2012-3018

Sources

Please verify you're human