Sign-up

ID

VAR-201202-0350


TITLE

Advantech/Broadwin HMI/SCADA RPC Remote code execution vulnerability

Trust: 0.8

sources: IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0779

DESCRIPTION

BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation. A vulnerability exists in the implementation of Advantech/Broadwin HMI/SCADA WebAccess 6.x.x/7.x.x that could be exploited by a remote attacker to execute arbitrary code on the system

Trust: 0.72

sources: CNVD: CNVD-2012-0779 // IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0779

AFFECTED PRODUCTS

vendor:advantechmodel:broadwin scada webaccessscope:eqversion:6.x.x

Trust: 0.8

vendor:advantechmodel:broadwin scada webaccessscope:eqversion:7.x.x

Trust: 0.6

vendor:advantechmodel:broadwin scada webaccessscope:eqversion:7.x.x*

Trust: 0.2

sources: IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0779

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.0
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0 [IVD]

Trust: 0.2

sources: IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d

TYPE

Input validation

Trust: 0.2

sources: IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:CNVDid:CNVD-2012-0779

Trust: 0.8

db:PACKETSTORMid:109474

Trust: 0.6

db:IVDid:881D6CF0-1F73-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 881d6cf0-1f73-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0779

REFERENCES

url:http://packetstormsecurity.org/files/109474/webaccess.universal.exploit.rar

Trust: 0.6

sources: CNVD: CNVD-2012-0779

SOURCES

db:IVDid:881d6cf0-1f73-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0779

LAST UPDATE DATE

2022-05-17T02:01:17.886000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0779date:2012-02-21T00:00:00

SOURCES RELEASE DATE

db:IVDid:881d6cf0-1f73-11e6-abef-000c29c66e3ddate:2012-02-21T00:00:00
db:CNVDid:CNVD-2012-0779date:2012-02-21T00:00:00