Honeywell EBI ActiveX Control Vulnerability

April 19, 2013

The Honeywell HMIWeb Browser provides secure web access to Honeywell building control systems. Upon installation of the following software:

Honeywell Enterprise Buildings Integrator (EBI)
Honeywell SymmetrE
Honeywell ComfortPoint Open Manager

the Honeywell HMIWeb Browser is also deployed.

A remote code execution vulnerability exists in multiple Honeywell products. The vulnerability is due to exposure of an unsafe method in the HscRemoteDeploy.dll ActiveX control used in Honeywell HMIWeb Browser. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted webpage using Internet Explorer. Successful exploitation could lead to arbitrary code execution in the security context of the logged-in user. Failed attacks could lead to termination of the browser.

The vulnerability has been assigned as CVE-2013-0108.

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 9789 Honeywell EBI HscRemoteDeploy ActiveX LaunchInstaller Method Invocation