ABB MicroSCADA Vulnerability

December 20, 2013

ABB MicroSCADA provides monitoring, gateway, integrate control, redundancy, reporting and other functionalities to substation automation. Upon installation of ABB MicroSCADA, an program named wserver.exe is also deployed.

A stack buffer overflow vulnerability exists in wserver.exe of ABB MicroSCADA. The vulnerability is due to insufficient input validation of remote execution calls. A remote attacker can exploit this vulnerability by sending crafted calls to wserver.exe. Successful exploitation could lead to arbitrary code execution in the security context of the vulnerable program.

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 5178 ABB MicroSCADA Remote Code Execution