BroadWin WebAccess SCADA/HMI Client Remote Code Execution



EKU-ID: 1213 CVE: OSVDB-ID:
Author: Snake Published: 2011-10-31 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: BroadWin WebAccess SCADA/HMI Client Remote Code
Execution Vulnerability [0day]
# Date: 11/30/2011
# Author: Snake ( Shahriyar.j < at > gmail )
# Tested on: XP SP3 , IE6
# CVE : NO-CVE
# just for fun

WebAccess is the first fully web browser-based software package for
human-machine interfaces (HMI), and supervisory control and data
acquisition (SCADA). bwocxrun.ocx ActiveX component is prone to
a remote code execution vulnerability by combination of some ActiveX
methods to creating a arbitrary file in arbitrary location.
the following exploit take advantage of windows WMI and .mof files
to execute arbitrary code on the target machine.

-Snake ( Shahriyar.j < at > gmail )
 twitter.com/ponez

Exploit: http://www.exploit-db.com/sploits/18051.zip

Ref :
*http://broadwin.com/Client.htm
*http://www.exploit-db.com/exploits/17772/
*Metasploit Mof Generator