CVE-2012-3018
Published 2012-07-31
Priority P4 · 16 · medium · 4.4 (CVSS 2.0)
CVSS vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.21% (11.2th percentile)
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iconics | bizviz | <= 9.22 | — |
| iconics | bizviz | — | — |
| iconics | bizviz | — | — |
| iconics | bizviz | — | — |
| iconics | bizviz | — | — |
| iconics | bizviz | — | — |
| iconics | bizviz | — | — |
| iconics | bizviz | — | — |
| iconics | bizviz | — | — |
| iconics | genesis32 | <= 9.22 | — |
| iconics | genesis32 | — | — |
| iconics | genesis32 | — | — |
| iconics | genesis32 | — | — |
| iconics | genesis32 | — | — |
| iconics | genesis32 | — | — |
| iconics | genesis32 | — | — |
| iconics | genesis32 | — | — |
| iconics | genesis32 | — | — |
GHSA
GHSA-3hwj-3gj3-6grw: The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9
ghsa_unreviewed·2022-05-17
CVE-2012-3018 [MEDIUM] GHSA-3hwj-3gj3-6grw: The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9
CISA ICS
ICONICS GENESIS32/BizViz Security Configurator Authentication Bypass Vulnerability
cisa_ics·2013-08-28
ICS Advisory
## ICONICS GENESIS32/BizViz Security Configurator Authentication Bypass Vulnerability
Last Revised: August 28, 2013
Alert Code: ICSA-12-212-01
## Overview
Dr. Wesley McGrew of Mississippi State University has identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications, specifically in the Security Configurator component. This vulnerability allows an attacker to bypass normal authentication methods, granting full administrative control over the system. Exploits that target this vulnerability are known to be publicly