Advantech BroadWin WebAccess Remote Code Execution Vulnerability
BID:51941
Info
Advantech BroadWin WebAccess Remote Code Execution Vulnerability
| Bugtraq ID: | 51941 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2012 12:00AM |
| Updated: | Feb 09 2012 12:00AM |
| Credit: | amisto0x07 and Z0mb1E |
| Vulnerable: |
Advantech BroadWin WebAccess 0 |
| Not Vulnerable: | |
Discussion
Advantech BroadWin WebAccess Remote Code Execution Vulnerability
Advantech BroadWin WebAccess is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data.
Successful exploits will allow an attacker to run arbitrary code in the servers managed by the affected application. Failed attacks may cause denial-of-service conditions.
Advantech BroadWin WebAccess is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data.
Successful exploits will allow an attacker to run arbitrary code in the servers managed by the affected application. Failed attacks may cause denial-of-service conditions.
Exploit / POC
Advantech BroadWin WebAccess Remote Code Execution Vulnerability
The reporters of this issue have developed a proof-of-concept. Please see the references for more information.
The reporters of this issue have developed a proof-of-concept. Please see the references for more information.
Solution / Fix
Advantech BroadWin WebAccess Remote Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Advantech BroadWin WebAccess Remote Code Execution Vulnerability
References:
References:
- BroadWin WebAccess Homepage (Advantech )
- ICS-ALERT-12-039-01�??ADVANTECH BROADWIN RPC SERVER VULNERABILITY (ICS-CERT)