Advantech WebAccess webvrpcs.exe Path Traversal RCE
Critical Nessus Plugin ID 117360
SynopsisThe remote host is running a SCADA application that is affected by a
path traversal vulnerability.
DescriptionThe Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running
on the remote host is affected by a path traversal vulnerability due
to the failure to properly validate user-supplied input when
processing a DCERPC request. An unauthenticated, remote attacker can
exploit this, via a series of crafted requests, to execute arbitrary
Note that this vulnerability is supposedly fixed in WebAccess/SCADA
version 8.3, but it appears that versions 8.3.1 and 8.3.2 are still
SolutionWebAccess/SCADA version 8.3.3 or later appears to fix the issue.
Contact vendor for confirmation.