Intrusion Prevention

Honeywell.Tema.Remote.Installer.ActiveX.Arbitrary.File.Download

Description

This indicates an attempt to exploit an Arbitrary File Download vulnerability in Honeywell Tema Remote Installer ActiveX Control.
The vulnerability is caused by Honeywell Tema Remote Installer ActiveX Control's failure to check the parameters that are passed to the "DownloadFromURL()" method. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and download arbitrary file.

Affected Products

Honeywell TEMA 5.3.1
Honeywell TEMA 5.3.0
Honeywell TEMA 5.2
Honeywell TEMA 4.9
Honeywell TEMA 4.8
Honeywell TEMA 4.10
Honeywell EBI R410.2
Honeywell EBI R410.1
Honeywell EBI R400.2 SP1
Honeywell EBI R310.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.