Improper Encryption in ICONICS GENESIS32 and BizViz by ICONICS
CVE-2012-3018

Currently unrated

Key Information:

Vendor: Iconics
Status: Genesis32
Vendor: CVE Published:; 31 July 2012

What is CVE-2012-3018?

The lockout-recovery feature in the Security Configurator of ICONICS GENESIS32 and BizViz prior to version 9.22 employs an inadequate encryption mechanism for generating authentication codes. This vulnerability permits local users to bypass access restrictions, potentially gaining administrative access by predicting the challenge response, thereby compromising the integrity of the system's security protocols.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 31, 2012

Iconics

What is CVE-2012-3018?

References

Timeline