An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Frontvue | Arcinfo | * | * |
| Pcvue | Arcinfo | 6.0 (including) | 6.0 (including) |
| Pcvue | Arcinfo | 8.2 (including) | 8.2 (including) |
| Pcvue | Arcinfo | 9.0 (including) | 9.0 (including) |
| Pcvue | Arcinfo | 10.0 (including) | 10.0 (including) |
| Plantvue | Arcinfo | * | * |
References
- http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf
- https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440
- http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf
- https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440