CVE-2013-2817

Mitsubishi Electric Automation MC-WorX Suite 8.02 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2817. PoCs published by blake.

AI-analyzed exploit summary This exploit leverages an insecure ActiveX control in Mitsubishi MC-WorkX Suite to execute arbitrary code. The PoC demonstrates launching calc.exe via the IcoLaunch.dll ActiveX control when a user interacts with the page.

Description

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.

Exploits (1)

exploitdb WORKING POC

by blake · htmlremotewindows

https://www.exploit-db.com/exploits/28284

View Code ZIP pw:eip

This exploit leverages an insecure ActiveX control in Mitsubishi MC-WorkX Suite to execute arbitrary code. The PoC demonstrates launching calc.exe via the IcoLaunch.dll ActiveX control when a user interacts with the page.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mitsubishi MC-WorkX Suite 8.02

No auth needed

Prerequisites: Victim must visit the malicious webpage · ActiveX controls must be enabled in the browser · Target system must have the vulnerable Mitsubishi MC-WorkX Suite installed

MITRE ATT&CK

T1176 - Software Extensions T1218.002 - Control Panel

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works

US Government Resource x_refsource_misc

http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02

Scores

EPSS 0.0593

EPSS Percentile 92.3%

Details

CWE

CWE-94

Status published

Products (1)

mitsubishielectric/mc-worx_suite < 8.02

Published Feb 24, 2014

Tracked Since Feb 18, 2026