Honeywell.Tema.Installer.ActiveX.Arbitrary.File.Download
Description
This indicates an attempt to exploit an Arbitrary File Download vulnerability in Honeywell Tema Remote Installer ActiveX Control.
The vulnerability is caused by Honeywell Tema Remote Installer ActiveX Control's failure to check the parameters that are passed to the "DownloadFromURL()" method. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and download arbitrary file.
Affected Products
Honeywell TEMA 5.3.1
Honeywell TEMA 5.3.0
Honeywell TEMA 5.2
Honeywell TEMA 4.9
Honeywell TEMA 4.8
Honeywell TEMA 4.10
Honeywell EBI R410.2
Honeywell EBI R410.1
Honeywell EBI R400.2 SP1
Honeywell EBI R310.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |