CVE-2011-2089
ICONICS BizViz <9.22, GENESIS32 <9.22 - RCE
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.
Exploits (3)
exploitdb · WORKING POC · VERIFIED · by Metasploit · ruby, remote, windows
https://www.exploit-db.com/exploits/17269
exploitdb · WORKING POC · VERIFIED · by sgb & bls · html, remote, windows
https://www.exploit-db.com/exploits/17240
metasploit · WORKING POC · GOOD · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb
References (9)
Scores
EPSS: 0.7462
EPSS Percentile: 98.9%
Details
CWE: CWE-119
Status: published
Products (14)
iconics/bizviz: 9.0, 9.01, 9.1, 9.2, 9.13, 9.20, 9.21
iconics/genesis32: 9.0, 9.1, 9.01
... and 4 more
Published: May 13, 2011
Tracked Since: Feb 18, 2026