Main Vulnerability Database Vulnerabilities #VU41832

#VU41832 Input validation error in Advantech WebAccess - CVE-2014-0773

Published: April 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41832

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0773

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Advantech WebAccess

Software vendor:
Advantech Co., Ltd

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Remediation

Install update from vendor's website.

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

#VU41832 Input validation error in Advantech WebAccess - CVE-2014-0773

Description

Remediation

External links

Please verify you're human