Vulnerability-Lookup

VAR-201404-0543

Vulnerability from variot - Updated: 2025-09-21 23:04

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied AccessCode2 string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess fails to properly filter user input when processing Username parameters, allowing remote attackers to exploit vulnerabilities to submit special parameters that trigger stack buffer overflows, allowing applications to crash or execute arbitrary code. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "advantech",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "advantech webaccess",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "advantech webaccess",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "advantech webaccess",
        "version": "*"
      },
      {
        "_id": null,
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "advantech",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      },
      {
        "db": "BID",
        "id": "66732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0768"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:advantech:advantech_webaccess",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Tom Gallagher",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-116"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0768",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0768",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 3.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-02245",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "3013e55a-1edf-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "167bb862-2352-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-68261",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2014-0768",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0768",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0768",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-0768",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-02245",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-174",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "3013e55a-1edf-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "167bb862-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68261",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0768"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0768"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "An attacker may pass an overly long value from the AccessCode2 argument \nto the control to overflow the static stack buffer. The attacker may \nthen remotely execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied AccessCode2 string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess fails to properly filter user input when processing Username parameters, allowing remote attackers to exploit vulnerabilities to submit special parameters that trigger stack buffer overflows, allowing applications to crash or execute arbitrary code. Advantech WebAccess is prone to a stack-based buffer-overflow  vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a  denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      },
      {
        "db": "BID",
        "id": "66732"
      },
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68261"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0768",
        "trust": 4.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-079-03",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "66732",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "66740",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2013",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-116",
        "trust": 0.7
      },
      {
        "db": "OSVDB",
        "id": "105567",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "57873",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "3013E55A-1EDF-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "167BB862-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-68261",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68261"
      },
      {
        "db": "BID",
        "id": "66732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0768"
      }
    ]
  },
  "id": "VAR-201404-0543",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68261"
      }
    ],
    "trust": 1.7511770050000002
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      }
    ]
  },
  "last_update_date": "2025-09-21T23:04:14.113000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Advantech WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx"
      },
      {
        "title": "Downloads ::: WebAccess Software",
        "trust": 0.8,
        "url": "http://webaccess.advantech.com/downloads.php?item=software"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
      },
      {
        "title": "Advantech WebAccess userName parameter handles patch buffer overflow vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/44784"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0768"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/66732"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/66740"
      },
      {
        "trust": 1.0,
        "url": "http://webaccess.advantech.com/"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0768"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0768"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.com/show/osvdb/105567"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/57873"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0768"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-116",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02245",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-68261",
        "ident": null
      },
      {
        "db": "BID",
        "id": "66732",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0768",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2014-04-11T00:00:00",
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "date": "2014-04-11T00:00:00",
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-116",
        "ident": null
      },
      {
        "date": "2014-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-02245",
        "ident": null
      },
      {
        "date": "2014-04-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68261",
        "ident": null
      },
      {
        "date": "2014-04-08T00:00:00",
        "db": "BID",
        "id": "66732",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-174",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001979",
        "ident": null
      },
      {
        "date": "2014-04-12T04:37:31.597000",
        "db": "NVD",
        "id": "CVE-2014-0768",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2014-04-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-116",
        "ident": null
      },
      {
        "date": "2014-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-02245",
        "ident": null
      },
      {
        "date": "2015-07-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68261",
        "ident": null
      },
      {
        "date": "2014-09-03T14:26:00",
        "db": "BID",
        "id": "66732",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-174",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001979",
        "ident": null
      },
      {
        "date": "2025-09-19T20:15:37.343000",
        "db": "NVD",
        "id": "CVE-2014-0768",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001979"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "3013e55a-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "167bb862-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-174"
      }
    ],
    "trust": 1.0
  }
}

CVE-2014-0768 (GCVE-0-2014-0768)

Vulnerability from cvelistv5 – Published: 2014-04-12 01:00 – Updated: 2025-09-19 19:12

Title

Advantech WebAccess Stack-based Buffer Overflow

Summary

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.

Severity ?

No CVSS data available.

CWE

CWE-121

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	http://www.securityfocus.com/bid/66740	vdb-entryx_refsource_BID
	http://webaccess.advantech.com/

Impacted products

	Vendor	Product	Version
	Advantech	WebAccess	Affected: 0 , ≤ 7.1 (custom) Unaffected: 7.2

Credits

Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP’s Zero Day Initiative (ZDI)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
          },
          {
            "name": "66732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66732"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WebAccess",
          "vendor": "Advantech",
          "versions": [
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP\u2019s Zero Day Initiative (ZDI)"
        }
      ],
      "datePublic": "2014-04-08T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\nAn attacker may pass an overly long value from the AccessCode2 argument \nto the control to overflow the static stack buffer. The attacker may \nthen remotely execute arbitrary code.\n\n\u003c/p\u003e"
            }
          ],
          "value": "An attacker may pass an overly long value from the AccessCode2 argument \nto the control to overflow the static stack buffer. The attacker may \nthen remotely execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T19:12:29.569Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
        },
        {
          "name": "66740",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66740"
        },
        {
          "url": "http://webaccess.advantech.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAdvantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/downloads.php?item=software\"\u003ehttp://webaccess.advantech.com/downloads.php?item=software\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information about WebAccess, please visit the following Advantech web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\"\u003ehttp://webaccess.advantech.com/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u00a0 http://webaccess.advantech.com/downloads.php?item=software \n\nFor additional information about WebAccess, please visit the following Advantech web site:\u00a0 http://webaccess.advantech.com/"
        }
      ],
      "source": {
        "advisory": "ICSA-14-079-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech WebAccess Stack-based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0763",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
            },
            {
              "name": "66740",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66740"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0768",
    "datePublished": "2014-04-12T01:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-09-19T19:12:29.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-201404-0543

CVE-2014-0768 (GCVE-0-2014-0768)

Tags

Sightings

Nomenclature