Description
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ruben Santamarta · textremotemultiple
https://www.exploit-db.com/exploits/35495
References (7)
Core 7
Core References
Various Sources x_refsource_misc
http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf
Exploit x_refsource_misc
http://reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47008
Exploit x_refsource_misc
http://www.reversemode.com/downloads/exploit_advantech.zip
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf
Various Sources x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517117
Scores
EPSS
0.2378
EPSS Percentile
96.0%
Details
CWE
CWE-94
Status
published
Products (1)
broadwin/webaccess
Published
Feb 06, 2012
Tracked Since
Feb 18, 2026