Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3075

CWE-119 — Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

29.7%

top 3.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mitsubishi-automation Mitsubishi MX Component Schneider-electric Citectfacilities Schneider-electric Citectscada

Timeline

PublishedApr 19

Latest updateMay 17

Description

Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDschneider-electric/citectscada7.10

▶NVDschneider-electric/citectfacilities7.10

▶NVDmitsubishi-automation/mitsubishi_mx_component3

🔴Vulnerability Details

GHSA

GHSA-rm75-rv3f-hqjv: Multiple buffer overflows in ActUWzd↗2022-05-17

▶

CVEList

CVE-2013-3075: Multiple buffer overflows in ActUWzd↗2013-04-19

▶

💥Exploits & PoCs

Exploit-DB

Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray↗2013-03-25

▶