ABB MicroSCADA Wserver wserver.exe EXECUTE Remote Code Execution Vulnerability

ID ZDI-13-270
Type zdi
Reporter Brian Gorenc HP Zero Day Initiative
Modified 2013-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component user-supplied data directly to a CreateProcessA call. By supplying a UNC path to a controlled binary a remote attacker can execute arbitrary code under the context of the vulnerable process.