ABB MicroSCADA wserver.exe command execution

Added: 12/09/2013
BID: 63901
OSVDB: 100324

Background

MicroSCADA Pro is a substation automation product from ABB.

Problem

A vulnerability in the wserver.exe process allows remote attackers to execute arbitrary commands by sending an EXECUTE request to port 12221/TCP.

Resolution

Disable wserver.exe or protect it from unauthorized access as described in ABB-VU-PSAC-1MRS235805.
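
To confirm the resolution took effect on a given host, the following added example (not part of the original advisory and not ABB code) parses saved `netstat -ano` output and reports any listener or remote peer on 12221/TCP. The function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

WSERVER_PORT = 12221  # TCP port named in the advisory

# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:12221          0.0.0.0:0              LISTENING       3140
  TCP    127.0.0.1:5037         0.0.0.0:0              LISTENING       2210
  TCP    192.0.2.10:12221       192.0.2.77:50112       ESTABLISHED     3140
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:12221          *:*                                    1500
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def find_wserver_exposure(netstat_text, port=WSERVER_PORT):
    """Return (listeners, peers) seen on the given local TCP port."""
    listeners, peers = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, UDP rows, blank lines
        _, local, remote, state, pid = fields
        try:
            laddr, lport = split_endpoint(local)
            raddr, _ = split_endpoint(remote)
        except ValueError:
            continue  # row that does not carry numeric endpoints
        if lport != port:
            continue
        if state == "LISTENING":
            # A non-loopback bind is reachable unless a firewall blocks it.
            listeners.append({"address": str(laddr), "pid": int(pid),
                              "non_loopback_bind": not laddr.is_loopback})
        elif not raddr.is_loopback:
            peers.append({"remote": str(raddr), "state": state, "pid": int(pid)})
    return listeners, peers
```

An empty listener list means nothing is bound to the port; for any PID that is reported, `tasklist /FI "PID eq <pid>"` on the host shows whether the owning image is wserver.exe.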

References

http://www.zerodayinitiative.com/advisories/ZDI-13-270/

Limitations

Exploit works on ABB MicroSCADA Pro SYS600 9.3 on Windows and requires the wserver.exe component to be enabled.

Platforms

Windows
