CVE-2011-4041

critical

Description

webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf

http://www.securityfocus.com/archive/1/517117

http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf

Details

Source: Mitre, NVD

Published: 2012-02-06

Updated: 2012-12-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H