CVE-2013-2817
published 2014-02-24CVE-2013-2817: An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs…
PriorityP354critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.93%
92.3th percentile
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitsubishielectric | mc-worx_suite | <= 8.02 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for ActiveX instantiation of IcoLaunch.dll in browser processes, particularly when followed by child process execution. ↗
- →Look for arbitrary process spawning (e.g., executables from remote UNC/share paths) triggered by a browser process loading IcoLaunch.dll, consistent with the PoC pattern of assigning a FileName property on the ActiveX object. ↗
- →Alert on the FileName property being set on the IcoLaunch ActiveX control via script in a web page, especially to UNC paths or unusual executables. ↗
- →Exploits are publicly available; treat any MC-WorX 8.02 host browsing untrusted HTML as high-risk for arbitrary code execution without authentication or privilege elevation. ↗
- ·Exploitation requires user interaction — the victim must click the Login Client button in the crafted HTML page; drive-by without a click will not trigger execution. ↗
- ·Only MC-WorX Suite version 8.02 is vulnerable; version 9.22 (released 2011) is not affected by this ActiveX issue. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8xqw-6q3f-w3jp: An ActiveX control in IcoLaunch
ghsa_unreviewed·2022-05-17
CVE-2013-2817 [HIGH] CWE-94 GHSA-8xqw-6q3f-w3jp: An ActiveX control in IcoLaunch
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
CISA ICS
Mitsubishi Electric Automation MC-WorX Suite Unsecure ActiveX Control
cisa_ics·2018-09-06
Mitsubishi Electric Automation MC-WorX Suite Unsecure ActiveX Control
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Mitsubishi Electric Automation MC-WorX Suite Unsecure ActiveX Control
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-051-02
## OVERVIEW
This advisory is a follow-up to the original alert, titled ICS-ALERT-13-259-01 Mitsubishi MC-WorX Suite Unsecure ActiveX Control,ICS-ALERT-13-259-01 Mitsubishi MC-WorkX Suite Insecure ActiveX Control, http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-259-01, web site last accessed February 20, 2014. published September 16, 2013, on the NCCIC/ICS‑CERT web site (this was originally incorrectly identified as MC-WorkX, the correct product name is MC
No detection rules found.
No writeups or analysis indexed.
2014-02-24
Published