cbcvebase.
CVE-2011-4041
published 2012-02-06

CVE-2011-4041: webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC…

PriorityP269critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
17.90%
96.8th percentile
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.

Detection & IOCsextracted from sources · hover to see the quote

port4592/TCP
processwebvrpcs.exe
  • Monitor for unusually long strings sent in RPC requests to TCP port 4592 targeting webvrpcs.exe — this is the attack vector for the buffer overflow/code injection exploit.
  • An attacker can initiate this exploit from a remote machine without user interaction — treat any unsolicited inbound connection to port 4592/TCP as high-priority alert.
  • A public exploit has been released for this vulnerability; correlate IDS/firewall hits on port 4592/TCP against known exploit-db artifact 35495.
  • ·All versions of WebAccess prior to Version 7.1 2013.05.30 are vulnerable, including all legacy BroadWin WebAccess versions — scope detection rules accordingly.
  • ·The WebAccess client runs on Windows 2000, XP, Vista, Server 2003, Windows 7, and Windows 8 — endpoint detection should cover this broad OS range in OT/ICS environments.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.