Details of VAR-201404-0540

ID

VAR-201404-0540

CVE

CVE-2014-0765

TITLE

Advantech WebAccess GotoCmd Parameter Handling Stack Buffer Overflow Vulnerability

Trust: 1.2

sources: IVD: 6e57a0f4-1edf-11e6-abef-000c29c66e3d // IVD: 7d7dc830-463f-11e9-b94d-000c29342cb1 // IVD: 1685972e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02270

DESCRIPTION

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied GotoCmd string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess fails to properly filter user input when processing GotoCmd parameters, allowing remote attackers to exploit vulnerabilities to submit special parameters that trigger stack buffer overflows, allowing applications to crash or execute arbitrary code. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions

Trust: 3.69

sources: NVD: CVE-2014-0765 // JVNDB: JVNDB-2014-001976 // ZDI: ZDI-14-072 // CNVD: CNVD-2014-02270 // BID: 66722 // IVD: 6e57a0f4-1edf-11e6-abef-000c29c66e3d // IVD: 7d7dc830-463f-11e9-b94d-000c29342cb1 // IVD: 1685972e-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68258

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 6e57a0f4-1edf-11e6-abef-000c29c66e3d // IVD: 7d7dc830-463f-11e9-b94d-000c29342cb1 // IVD: 1685972e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02270

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	eq	version:	5.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	6.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.1	Trust: 1.2
vendor:	advantech	model:	webaccess	scope:	lte	version:	7.1	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lt	version:	7.2	Trust: 0.8
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech webaccess	model:	-	scope:	eq	version:	5.0	Trust: 0.6
vendor:	advantech webaccess	model:	-	scope:	eq	version:	6.0	Trust: 0.6
vendor:	advantech webaccess	model:	-	scope:	eq	version:	7.0	Trust: 0.6
vendor:	advantech webaccess	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	advantech	model:	broadwin webaccess	scope:	eq	version:	7.0	Trust: 0.3

sources: IVD: 6e57a0f4-1edf-11e6-abef-000c29c66e3d // IVD: 7d7dc830-463f-11e9-b94d-000c29342cb1 // IVD: 1685972e-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-072 // CNVD: CNVD-2014-02270 // BID: 66722 // CNNVD: CNNVD-201404-171 // JVNDB: JVNDB-2014-001976 // NVD: CVE-2014-0765

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-0765
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2014-0765
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0765
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-0765
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2014-02270
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-171
value:	HIGH
Trust: 0.6
IVD:	6e57a0f4-1edf-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	7d7dc830-463f-11e9-b94d-000c29342cb1
value:	HIGH
Trust: 0.2
IVD:	1685972e-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-68258
value:	HIGH
Trust: 0.1

ics-cert@hq.dhs.gov:	CVE-2014-0765
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.5
CNVD:	CNVD-2014-02270
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6e57a0f4-1edf-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d7dc830-463f-11e9-b94d-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	1685972e-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68258
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 6e57a0f4-1edf-11e6-abef-000c29c66e3d // IVD: 7d7dc830-463f-11e9-b94d-000c29342cb1 // IVD: 1685972e-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-072 // CNVD: CNVD-2014-02270 // VULHUB: VHN-68258 // CNNVD: CNNVD-201404-171 // JVNDB: JVNDB-2014-001976 // NVD: CVE-2014-0765 // NVD: CVE-2014-0765

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-121	Trust: 1.0

sources: VULHUB: VHN-68258 // JVNDB: JVNDB-2014-001976 // NVD: CVE-2014-0765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-171

TYPE

Buffer overflow

Trust: 1.2

sources: IVD: 6e57a0f4-1edf-11e6-abef-000c29c66e3d // IVD: 7d7dc830-463f-11e9-b94d-000c29342cb1 // IVD: 1685972e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-171

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001976

PATCH

title:	Advantech WebAccess	url:	http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx	Trust: 0.8
title:	Downloads ::: WebAccess Software	url:	http://webaccess.advantech.com/downloads.php?item=software	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03	Trust: 0.7
title:	Advantech WebAccess GotoCmd parameter handles patch buffer overflow vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/44792	Trust: 0.6
title:	AdvantechWebAccessCHNNode_2014.03.03_3.3.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49251	Trust: 0.6

sources: ZDI: ZDI-14-072 // CNVD: CNVD-2014-02270 // CNNVD: CNNVD-201404-171 // JVNDB: JVNDB-2014-001976

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0765	Trust: 4.7
db:	ICS CERT	id:	ICSA-14-079-03	Trust: 3.1
db:	BID	id:	66722	Trust: 2.0
db:	CNNVD	id:	CNNVD-201404-171	Trust: 1.3
db:	CNVD	id:	CNVD-2014-02270	Trust: 1.2
db:	BID	id:	66740	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001976	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2010	Trust: 0.7
db:	ZDI	id:	ZDI-14-072	Trust: 0.7
db:	OSVDB	id:	105564	Trust: 0.6
db:	SECUNIA	id:	57873	Trust: 0.6
db:	IVD	id:	6E57A0F4-1EDF-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D7DC830-463F-11E9-B94D-000C29342CB1	Trust: 0.2
db:	IVD	id:	1685972E-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-68258	Trust: 0.1

sources: IVD: 6e57a0f4-1edf-11e6-abef-000c29c66e3d // IVD: 7d7dc830-463f-11e9-b94d-000c29342cb1 // IVD: 1685972e-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-072 // CNVD: CNVD-2014-02270 // VULHUB: VHN-68258 // BID: 66722 // CNNVD: CNNVD-201404-171 // JVNDB: JVNDB-2014-001976 // NVD: CVE-2014-0765

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-079-03	Trust: 3.8
url:	http://www.securityfocus.com/bid/66722	Trust: 1.1
url:	http://www.securityfocus.com/bid/66740	Trust: 1.0
url:	http://webaccess.advantech.com/	Trust: 1.0
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0765	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0765	Trust: 0.8
url:	http://osvdb.com/show/osvdb/105564	Trust: 0.6
url:	http://secunia.com/advisories/57873	Trust: 0.6

sources: ZDI: ZDI-14-072 // CNVD: CNVD-2014-02270 // VULHUB: VHN-68258 // CNNVD: CNNVD-201404-171 // JVNDB: JVNDB-2014-001976 // NVD: CVE-2014-0765

CREDITS

Tom Gallagher

Trust: 0.7

sources: ZDI: ZDI-14-072

SOURCES

db:	IVD	id:	6e57a0f4-1edf-11e6-abef-000c29c66e3d
db:	IVD	id:	7d7dc830-463f-11e9-b94d-000c29342cb1
db:	IVD	id:	1685972e-2352-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-14-072
db:	CNVD	id:	CNVD-2014-02270
db:	VULHUB	id:	VHN-68258
db:	BID	id:	66722
db:	CNNVD	id:	CNNVD-201404-171
db:	JVNDB	id:	JVNDB-2014-001976
db:	NVD	id:	CVE-2014-0765

LAST UPDATE DATE

2025-09-21T23:04:13.900000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-072	date:	2014-04-10T00:00:00
db:	CNVD	id:	CNVD-2014-02270	date:	2014-04-11T00:00:00
db:	VULHUB	id:	VHN-68258	date:	2015-07-09T00:00:00
db:	BID	id:	66722	date:	2014-04-17T00:40:00
db:	CNNVD	id:	CNNVD-201404-171	date:	2014-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001976	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-0765	date:	2025-09-19T20:15:36.003

SOURCES RELEASE DATE

db:	IVD	id:	6e57a0f4-1edf-11e6-abef-000c29c66e3d	date:	2014-04-11T00:00:00
db:	IVD	id:	7d7dc830-463f-11e9-b94d-000c29342cb1	date:	2014-04-11T00:00:00
db:	IVD	id:	1685972e-2352-11e6-abef-000c29c66e3d	date:	2014-04-11T00:00:00
db:	ZDI	id:	ZDI-14-072	date:	2014-04-10T00:00:00
db:	CNVD	id:	CNVD-2014-02270	date:	2014-04-11T00:00:00
db:	VULHUB	id:	VHN-68258	date:	2014-04-12T00:00:00
db:	BID	id:	66722	date:	2014-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201404-171	date:	2014-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001976	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-0765	date:	2014-04-12T04:37:31.503