CVE-2013-3075
published 2013-04-19CVE-2013-3075: Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow…
PriorityP353critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
10.77%
95.3th percentile
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitsubishi-automation | mitsubishi_mx_component | — | — |
| schneider-electric | citectfacilities | — | — |
| schneider-electric | citectscada | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rm75-rv3f-hqjv: Multiple buffer overflows in ActUWzd
ghsa_unreviewed·2022-05-17
CVE-2013-3075 [HIGH] CWE-119 GHSA-rm75-rv3f-hqjv: Multiple buffer overflows in ActUWzd
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.
CISA ICS
Mitsubishi Electric Automation MX Component V3 ActiveX Vulnerability
cisa_ics·2013-04-01
Mitsubishi Electric Automation MX Component V3 ActiveX Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Mitsubishi Electric Automation MX Component V3 ActiveX Vulnerability
Last RevisedSeptember 06, 2018
Alert CodeICSA-13-140-01
## OVERVIEW
This advisory is a follow-up to the alert titled ICS-ALERT-13-091-01 Mitsubishi Electric Automation MX Buffer Overflow Vulnerability that was published April 1, 2013, on the ICS-CERT Web siteICSA-13-091-01, http://ics-cert.us-cert.gov/alerts/ICSA-13-091-01, last accessed May 20, 2013.
Independent researchers Derek Betker and Dr_IDE have identified an ActiveX buffer overflow vulnerability in the Mitsubishi MX Component Version 3 application. Th
No detection rules found.
No writeups or analysis indexed.
2013-04-19
Published