WebAccess is the first fully web browser-based software package for
human-machine interfaces (HMI), and supervisory control and data
acquisition (SCADA). bwocxrun.ocx ActiveX component is prone to
a remote code execution vulnerability by combination of some ActiveX
methods to creating a arbitrary file in arbitrary location.
the following exploit take advantage of windows WMI and .mof files
to execute arbitrary code on the target machine.
-Snake ( Shahriyar.j < at > gmail )