Advantech / BroadWin WebAccess webvrpcs.exe Service Remote Code Execution (credentialed check)
Critical Nessus Plugin ID 56994
SynopsisThe remote host is running a service that is affected by remote code execution and information disclosure vulnerabilities.
DescriptionThe Advantech WebAccess software installed on the remote Windows host includes an RPC service (webvrpcs.exe) that listens remotely on TCP port 4592. It is affected by two vulnerabilities :
- An overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code.
- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to obtain the security code value that protects the SCADA node via a long string in an RPC request to TCP port 4592.
SolutionUpgrade to Advantech WebAccess 7.1 2013.05.30 or later.