{
	"id": "cd38a327-a2c9-4062-a9e4-d201bf02f421",
	"created_at": "2026-04-06T00:06:28.101069Z",
	"updated_at": "2026-04-10T03:21:33.699162Z",
	"deleted_at": null,
	"sha1_hash": "a9721a5d156b7750de34f1869c424ca0ea58dd77",
	"title": "Advantech/Broadwin WebAccess RPC Vulnerability (Update B) | CISA",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 56190,
	"plain_text": "Advantech/Broadwin WebAccess RPC Vulnerability (Update B) |\r\nCISA\r\nPublished: 2018-09-06 · Archived: 2026-04-05 21:52:03 UTC\r\nOVERVIEW\r\nThis updated advisory is a follow-up to the updated advisory titled ICSA-11-094-02A Advantech/Broadwin\r\nWebAccess RPC Vulnerability that was published November 4, 2011, on the NCCIC/ICS‑CERT Web site.\r\n--------- Begin Update B Part 1 of 5 --------\r\nIndependent security researcher Rubén Santamarta has identified details and released exploit code for a Remote\r\nProcedure Call (RPC) vulnerability in the Advantech WebAccess and legacy BroadWin WebAccess software\r\n(WebAccess). This is a Web browser‑based human-machine interface (HMI) product. This RPC vulnerability\r\naffects the WebAccess Network Service on Port 4592/TCP and allows remote code execution.\r\nAdvantech has provided a free version upgrade that mitigates this vulnerability for any licensed user of any\r\nprevious version of WebAccess.\r\n--------- End Update B Part 1 of 5 ----------\r\nAFFECTED PRODUCTS\r\n--------- Begin Update B Part 2 of 5 --------\r\nThis vulnerability affects all versions of WebAccess prior to Version 7.1 2013.05.30, including all legacy versions\r\nof either Advantech WebAccess or BroadWin WebAccess.\r\n--------- End Update B Part 2 of 5 ----------\r\nIMPACT\r\nThe successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code.\r\nThe full impact to individual organizations is dependent on multiple factors unique to each organization. The\r\nNCCIC/ICS‑CERT recommends that organizations evaluate the impact of this vulnerability based on their\r\nenvironment, architecture, and operational product implementation.\r\nBACKGROUND\r\n--------- Begin Update B Part 3 of 5 --------\r\nhttps://www.us-cert.gov/ics/advisories/ICSA-11-094-02B\r\nPage 1 of 3\n\nAdvantech/Broadwin WebAccess is a Web-based HMI product used in energy, manufacturing, and building\r\nautomation systems. 
The installation base is across Asia; North, Central, and South America; North Africa; the\r\nMiddle East; and Europe. WebAccess Client software is available for desktop computers and laptops running\r\nWindows 2000, XP, Vista, Server 2003, Windows 7, and Windows 8. A thin-client interface is available for\r\nWindows CE and Windows Mobile 5.0.\r\n--------- End Update B Part 3 of 5 ----------\r\nVULNERABILITY CHARACTERIZATION\r\nVULNERABILITY OVERVIEW\r\n--------- Begin Update B Part 4 of 5 --------\r\nCODE INJECTION (CWE-94: Improper Control of Generation of Code ('Code Injection'),\r\nhttp://cwe.mitre.org/data/definitions/94.html, Web site last accessed January 07, 2014)\r\nThis vulnerability exploits an RPC vulnerability in WebAccess Network Service on 4592/TCP.\r\nCVE-2011-4041 has been assigned to this vulnerability (NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4041; NIST uses this advisory\r\nto create the CVE Web site report. This Web site will be active sometime after publication of this advisory).\r\nA CVSS v2 base score of 10.0 has been assigned; the CVSS vector string is\r\n(AV:N/AC:L/Au:N/C:C/I:C/A:C) (CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2\u0026vector=AV:N/AC:L/Au:N/C:C/I:C/A:C, Web site last accessed January 07, 2014).\r\n--------- End Update B Part 4 of 5 ----------\r\nVULNERABILITY DETAILS\r\nEXPLOITABILITY\r\nAn attacker can initiate this exploit from a remote machine without user interaction.\r\nEXISTENCE OF EXPLOIT\r\nAn exploit of this vulnerability has been posted publicly.\r\nDIFFICULTY\r\nThis vulnerability requires a moderate level of skill to exploit.\r\nMITIGATION\r\n--------- Begin Update B Part 5 of 5 --------\r\nAdvantech has released a new version of WebAccess that mitigates this vulnerability. Users may upgrade to the\r\nlatest version from any previous version of WebAccess at no charge. 
Download the latest version of WebAccess\r\n(V 7.1 2013.05.30) from the following location on the Advantech Web site:\r\nhttp://support.advantech.com.tw/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV\u0026Doc_Source=Download.\r\nAdvantech has also created the following site to share additional information about WebAccess:\r\nhttp://webaccess.advantech.com/.\r\nPrior to the release of this new version, customers using WebAccess should refer to security considerations\r\nrecommended by Advantech in the WebAccess Installation Manual:\r\nhttp://advantech.vo.llnwd.net/o35/www/webaccess/driver_manual/Advantech-WebAccess-User-Manual.chm.\r\nFor further assistance, contact Advantech support at +1-877-451-6868.\r\n--------- End Update B Part 5 of 5 ----------\r\nOrganizations that observe any suspected malicious activity should follow their established internal procedures\r\nand report their findings to NCCIC/ICS-CERT for tracking and correlation against other incidents.\r\nNCCIC/ICS‑CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking\r\ndefensive measures.\r\nNCCIC/ICS-CERT also provides a section for control systems security recommended practices on the\r\nNCCIC/ICS-CERT Web site at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended\r\npractices are available for reading or download, including Improving Industrial Control Systems Cybersecurity\r\nwith Defense-in-Depth Strategies.\r\nSource: https://www.us-cert.gov/ics/advisories/ICSA-11-094-02B",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.us-cert.gov/ics/advisories/ICSA-11-094-02B"
	],
	"report_names": [
		"ICSA-11-094-02B"
	],
	"threat_actors": [],
	"ts_created_at": 1775433988,
	"ts_updated_at": 1775791293,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a9721a5d156b7750de34f1869c424ca0ea58dd77.pdf",
		"text": "https://archive.orkl.eu/a9721a5d156b7750de34f1869c424ca0ea58dd77.txt",
		"img": "https://archive.orkl.eu/a9721a5d156b7750de34f1869c424ca0ea58dd77.jpg"
	}
}