1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: ABB MicroSCADA "wserver.exe" RCE

Attack: ABB MicroSCADA "wserver.exe" RCE

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt of leveraging a stack corruption in the ABB MicroSCADA 'wserver.exe' component which may leads to remote code execution.

Additional Information

ABB MicroSCADA is a system for real-time monitoring and control of primary and secondary equipment.

ABB MicroSCADA is prone to a code-execution vulnerability because it fails to properly bounds check user-supplied input. Specifically, this issue occurs due to stack corruption in the 'wserver.exe' component.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application.

Affected

  • MicroSCADA, COM 500 4.1, 4.2
  • MicroSCADA, SYS 500 8.4.5
  • MicroSCADA Pro, SYS 600 9.0, 9.1, 9.1.5, 9.2, 9.3, 9.3 FP1, 9.3 FP2

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube