ICS-CERT Publishes new Advantech BroadWin Alert

Yesterday the DHS ICS-CERT published a new alert for the Advantech BroadWin RPC Server. The missing authentication vulnerability reported by ‘amisto0x07 and Z0mb1E’ could lead to a DOS attack or the remote execution of arbitrary code.

This vulnerability is very similar to one reported by Ruben Santamarta back in March of last year, but ICS-CERT maintains that this reported vulnerability deals with a separate issue on the same port (and an additional report), justifying the separate alert.