CVE-2013-2367

HP SiteScope 11.20-11.21 - Remote Code Execution via SOAP

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-2367. PoCs published by Metasploit, including Metasploit module exploits/windows/http/hp_sitescope_runomagentcommand.

AI-analyzed exploit summary This Metasploit module exploits a remote code execution flaw in HP SiteScope via the opcactivate.vbs script, which is reachable through the APIBSMIntegrationImpl AXIS service. It uses WScript.Shell.run() to execute cmd.exe with user-provided data, achieving RCE on vulnerable systems.

Description

Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/28188

View Code ZIP pw:eip

This Metasploit module exploits a remote code execution flaw in HP SiteScope via the opcactivate.vbs script, which is reachable through the APIBSMIntegrationImpl AXIS service. It uses WScript.Shell.run() to execute cmd.exe with user-provided data, achieving RCE on vulnerable systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP SiteScope 11.20 (with HP Operations Agent)

No auth needed

Prerequisites: Network access to the target's SiteScope service (port 8080 by default) · HP Operations Agent component installed

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC MANUAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb

View Code ZIP pw:eip

This Metasploit module exploits a code execution flaw in HP SiteScope via the opcactivate.vbs script, which uses WScript.Shell.run() to execute cmd.exe with user-provided data. It leverages a SOAP request to trigger the vulnerability and achieve remote command execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP SiteScope 11.20 (with HP Operations Agent)

No auth needed

Prerequisites: HP Operations Agent component installed · Network access to the target's SOAP endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_hp

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03861260

Scores

EPSS 0.6889

EPSS Percentile 99.3%

Details

Status published

Products (2)

hp/sitescope 11.20

hp/sitescope 11.21

Published Jul 31, 2013

Tracked Since Feb 18, 2026