Home -> Resources -> SCADA/ICS Vulnerability Reference -> Advantech BroadWin WebAccess Client

Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess Client

September 2, 2011

Security researcher Luigi Auriemma has discovered multiple vulnerabilities in the Advantech BroadWin WebAccess Client making it prone to multiple remote vulnerabilities, including:

1. A format-string vulnerability
2. Multiple memory corruption vulnerabilities

Attackers could exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions. BroadWin WebAccess Client 7.0 is vulnerable; other verisons may also be affected.

An additional vulnerability was later discovered on November 2, 2011 by security research Shahriyar Jalayeri and is covered in Advantech BroadWin WebAccess ActiveX Vulnerability.

ICS-CERT Advisories / Alerts

ICS-ALERT-11-245-01
ICS-ALERT-11-306-01

Vendor Website (include Patches / Hotfixes)

Advantech WebAccess Browser-based HMI/SCADA Software
Advantech WebAccess Demo Software

Exploit Proof-of-Concept

bwocxrun_1.zip

Common Vulnerability & Exposure (CVE) References

Not available at this time.

Additional Information

Disclosure (Luigi Auriemma)
Exploit-DB ID 17772
IBM Internet Security Systems ID 69553
Open-Source Vulnerability Database #74897
Open-Source Vulnerability Database #74898
Secunia Advisory #45820
Secunia Vulnerability Report and Statistics on BroadWin BWOCXRUN ActiveX Control 1.x
Secunia Vulnerability Report and Statistics on BroadWin WebAccess Client 7.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 49428

HMI Vulnerabilities Released (ISSSource)
SCADA/HMI ActiveX Hole Found (ISSSource)

Additional information:
Advantech BroadWin WebAccess ActiveX Vulnerability