CVE-2011-4041
Published: 2012-02-06
Priority: P2 69 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 17.90% (96.8th percentile)
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
Detection & IOCs (extracted from sources)
- Monitor for unusually long strings sent in RPC requests to TCP port 4592 targeting webvrpcs.exe; this is the attack vector for the buffer overflow/code injection exploit.
- An attacker can initiate this exploit from a remote machine without user interaction; treat any unsolicited inbound connection to port 4592/TCP as a high-priority alert.
- A public exploit has been released for this vulnerability; correlate IDS/firewall hits on port 4592/TCP against known exploit-db artifact 35495.
- All versions of WebAccess prior to Version 7.1 2013.05.30 are vulnerable, including all legacy BroadWin WebAccess versions; scope detection rules accordingly.
- The WebAccess client runs on Windows 2000, XP, Vista, Server 2003, Windows 7, and Windows 8; endpoint detection should cover this broad OS range in OT/ICS environments.
CISA ICS
Advantech/Broadwin WebAccess RPC Vulnerability (Update B)
cisa_ics·2011-11-04
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-11-094-02B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-11-094-02A Advantech/Broadwin WebAccess RPC Vulnerability that was published November 4, 2011, on the NCCIC/ICS‑CERT Web site.
--------- Begin Update B Part 1 of 5 --------
Independent security researcher Rubén Santamarta has identified details and released exploit code for a Remote Procedure Call (RPC) vulnerability in the Advantech WebAccess and legacy BroadWin WebAccess soft
GHSA
GHSA-676g-gcjx-g33f: webvrpcs
ghsa_unreviewed·2022-05-17
CVE-2011-4041 [HIGH] CWE-94 GHSA-676g-gcjx-g33f: webvrpcs
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
No detection rules found.
No writeups or analysis indexed.
- http://reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1
- http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf
- http://www.reversemode.com/downloads/exploit_advantech.zip
- http://www.securityfocus.com/archive/1/517117
- http://www.securityfocus.com/bid/47008
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf