Details of VAR-E-201202-0770

ID

VAR-E-201202-0770

TITLE

Advantech BroadWin WebAccess Remote Code Execution Vulnerability

Trust: 0.3

sources: BID: 51941

DESCRIPTION

Advantech BroadWin WebAccess is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data.
Successful exploits will allow an attacker to run arbitrary code in the servers managed by the affected application. Failed attacks may cause denial-of-service conditions.

Trust: 0.3

sources: BID: 51941

AFFECTED PRODUCTS

vendor:

advantech

model:

broadwin webaccess

scope:

version:

Trust: 0.3

sources: BID: 51941

EXPLOIT

The reporters of this issue have developed a proof-of-concept. Please see the references for more information.

Trust: 0.3

sources: BID: 51941

PRICE

Free

Trust: 0.3

sources: BID: 51941

TYPE

Unknown

Trust: 0.3

sources: BID: 51941

CREDITS

amisto0x07 and Z0mb1E

Trust: 0.3

sources: BID: 51941

EXTERNAL IDS

db:	ICS CERT ALERT	id:	ICS-ALERT-12-039-01	Trust: 0.3
db:	BID	id:	51941	Trust: 0.3

sources: BID: 51941

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-12-039-01.pdf	Trust: 0.3
url:	http://webaccess.advantech.com/product.php	Trust: 0.3

sources: BID: 51941

SOURCES

db:

BID

id:

51941

LAST UPDATE DATE

2022-07-27T09:30:25.511000+00:00

SOURCES UPDATE DATE

db:

BID

id:

51941

date:

2012-02-09T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

51941

date:

2012-02-09T00:00:00