Advantech / BroadWin WebAccess webvrpcs.exe Service Remote Code Execution (uncredentialed check) (deprecated)

Critical Nessus Plugin ID 56995

Synopsis

This plugin has been deprecated.

Description

The Advantech / BroadWin WebAccess software installed on the remote Windows host includes an RPC service (webvrpcs.exe) that listens remotely on TCP port 4592. It is affected by two vulnerabilities :

- An overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code.

- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to obtain the security code value that protects the SCADA node via a long string in an RPC request to TCP port 4592.

This plugin has been deprecated due to false positives.

Solution

n/a

See Also

http://www.nessus.org/u?d44f6112

http://seclists.org/bugtraq/2011/Mar/214

https://ics-cert.us-cert.gov/advisories/ICSA-11-094-02B

Plugin Details

Severity: Critical

ID: 56995

File Name: scada_advantech_webaccess_rce_remote.nbin

Version: $Revision: 1.80 $

Type: remote

Family: SCADA

Published: 2011/12/02

Modified: 2018/06/06

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:advantech:webaccess, cpe:/a:broadwin:webaccess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/08/01

Vulnerability Publication Date: 2011/03/22

Reference Information

CVE: CVE-2011-4041

BID: 47008

ICSA: 11-094-02B