CVE-2012-3018
Last modified
CVE-2012-3018 is a vulnerability of currently unknown severity. The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Iconics | Genesis32 | <= 9.22 |
| Iconics | Genesis32 | 8.05 |
| Iconics | Genesis32 | 9.0 |
| Iconics | Genesis32 | 9.1 |
| Iconics | Genesis32 | 9.01 |
| Iconics | Genesis32 | 9.2 |
| Iconics | Genesis32 | 9.13 |
| Iconics | Genesis32 | 9.20 |
| Iconics | Genesis32 | 9.21 |
| Iconics | Bizviz | <= 9.22 |
| Iconics | Bizviz | 8.05 |
| Iconics | Bizviz | 9.0 |
| Iconics | Bizviz | 9.01 |
| Iconics | Bizviz | 9.1 |
| Iconics | Bizviz | 9.2 |
| Iconics | Bizviz | 9.13 |
| Iconics | Bizviz | 9.20 |
| Iconics | Bizviz | 9.21 |
References
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdfUS Government Resource
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdfUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-3018?
How severe is CVE-2012-3018?
How do I fix CVE-2012-3018?
Are you affected by CVE-2012-3018?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST