Advantech WebAccess webvrpcs.exe Arbitrary File Download
Medium Nessus Plugin ID 124329
SynopsisThe remote host is running a SCADA application that is affected by an arbitrary file download vulnerability.
DescriptionThe Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by an arbitrary file download vulnerability due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to download arbitrary files and disclose sensitive information.
SolutionContact Advantech for solution.