Security News

Broadwin WebAccess Client Format String Attack (Sept 8, 2011)

By

Supervisory Control and Data Acquisition (SCADA), generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes. A SCADA system usually consists of the following subsystems: a human-machine interface or HMI, a supervisory (computer) system, remote terminal units (RTUs) connecting to sensors in the process, Programmable logic controller (PLCs) used as field devices and communication infrastructure. Broadwin Technology is one of the vendors that manufacture SCADA systems. Browser-based Human-Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) software are two of their main products.

Broadwin’s WebAccess is the client component of their SCADA system. It provides an ActiveX component designed to run in an Internet Explorer (IE) session. The ActiveX control is associated with CLSID “5C2A52BD-2250-4F6B-A4D2-D1D00FCD748C”, and ProgID “BWOCXRUN.BwocxrunCtrl.1”. It can be instantiated in a web page using the tag or via scripting. The following example demonstrate how this ActiveX control can be instantiated:



A format string code execution vulnerability exists in the Broadwin Technology’s WebAccess client ActiveX component nbwocxrun.ocx. The vulnerability is due to insufficient input validation when handling one of the parameters in calls to the BWOCXRUN.BwocxrunCtrl.1 method. A remote unauthenticated attacker can exploit this vulnerability by enticing a target client to view a crafted HTML document, ASP page, or various other media. Successful exploitation could result in execution of arbitrary code within the security context of the target user.


SonicWALL UTM team has researched this vulnerability and created the following IPS signature to prevent/detect attacks addressing this vulnerability.


    

  • 1801 Broadwin WebAccess Client Format String Attack
    • 



This vulnerability has not been assigned with an ID by CVE.



				

					
					
				

			
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories

	
			New Drive By Download exploits Latest Java Vulnerabilities (June 7, 2013)	

	
			Microsoft out-of-band Security Advisory for Graphics Component (Nov 5, 2013)	

	
			Cyber Security News & Trends – 01-31-20	

	
			Redosdru.V Malware that hides in encrypted DLL files to avoid detection by Firewalls (May 11,2016)	

	
			Argus Ransomware actively spreading in the wild.	

	
			Samsung Kies Remote Command Execution (Oct 26, 2012)	

	
			Microsoft Security Bulletin Coverage for November 2018	

	
			New MSN messenger worm - Agent.LVB (Nov 25, 2009)	

				
				

				

			

		


						

	


			

			
				


					
		
		
		                            Apache Range Header Processing DoS (Sep 1, 2011)                                                                New Screen Lock Ransomware poses as Microsoft License Manager (Sept 9, 2011...            






				


					

						
Pin It on Pinterest