Security News

Broadwin WebAccess Client Format String Attack (Sept 8, 2011)

By

Supervisory Control and Data Acquisition (SCADA), generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes. A SCADA system usually consists of the following subsystems: a human-machine interface or HMI, a supervisory (computer) system, remote terminal units (RTUs) connecting to sensors in the process, Programmable logic controller (PLCs) used as field devices and communication infrastructure. Broadwin Technology is one of the vendors that manufacture SCADA systems. Browser-based Human-Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) software are two of their main products.

Broadwin’s WebAccess is the client component of their SCADA system. It provides an ActiveX component designed to run in an Internet Explorer (IE) session. The ActiveX control is associated with CLSID “5C2A52BD-2250-4F6B-A4D2-D1D00FCD748C”, and ProgID “BWOCXRUN.BwocxrunCtrl.1”. It can be instantiated in a web page using the tag or via scripting. The following example demonstrate how this ActiveX control can be instantiated:



A format string code execution vulnerability exists in the Broadwin Technology’s WebAccess client ActiveX component nbwocxrun.ocx. The vulnerability is due to insufficient input validation when handling one of the parameters in calls to the BWOCXRUN.BwocxrunCtrl.1 method. A remote unauthenticated attacker can exploit this vulnerability by enticing a target client to view a crafted HTML document, ASP page, or various other media. Successful exploitation could result in execution of arbitrary code within the security context of the target user.


SonicWALL UTM team has researched this vulnerability and created the following IPS signature to prevent/detect attacks addressing this vulnerability.


    

  • 1801 Broadwin WebAccess Client Format String Attack
    • 



This vulnerability has not been assigned with an ID by CVE.



				

					
					
				

			
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories

	
			Critical flaw in the Cisco Prime Infrastructure leads to arbitrary file Upload and command execution	

	
			MarraCrypt Ransomware actively spreading in the wild	

	
			Lockbit 2.0, the ransomware behind the Accenture breach	

	
			Zyxel IKE Remote Command Execution	

	
			Microsoft Security Bulletin Coverage for March 2023	

	
			Fake UPS label creator drops Java-based jRAT Trojan	

	
			Hackers Attack Websites with Ransomware - April 2018	

	
			Mobef ransomware actively spreading in the wild	

				
				

				

			

		


						

	


			

			
				


					
		
		
		                            Apache Range Header Processing DoS (Sep 1, 2011)                                                                New Screen Lock Ransomware poses as Microsoft License Manager (Sept 9, 2011...            






				


					

						
Pin It on Pinterest