Details of VAR-201404-0541

ID

VAR-201404-0541

CVE

CVE-2014-0766

TITLE

Advantech WebAccess odeName2 Parameter Handling Stack Buffer Overflow Vulnerability

Trust: 1.0

sources: IVD: 0cd436b2-1edf-11e6-abef-000c29c66e3d // IVD: 168cdc96-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02242

DESCRIPTION

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied NodeName2 string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess fails to properly filter user input when processing odeName2 parameters, allowing remote attackers to exploit vulnerabilities to submit special parameters that trigger stack buffer overflows, causing applications to crash or execute arbitrary code. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions

Trust: 3.51

sources: NVD: CVE-2014-0766 // JVNDB: JVNDB-2014-001977 // ZDI: ZDI-14-073 // CNVD: CNVD-2014-02242 // BID: 66725 // IVD: 0cd436b2-1edf-11e6-abef-000c29c66e3d // IVD: 168cdc96-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68259

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 0cd436b2-1edf-11e6-abef-000c29c66e3d // IVD: 168cdc96-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02242

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	eq	version:	5.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	6.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.1	Trust: 1.2
vendor:	advantech	model:	webaccess	scope:	lte	version:	7.1	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lt	version:	7.2	Trust: 0.8
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech webaccess	model:	-	scope:	eq	version:	5.0	Trust: 0.4
vendor:	advantech webaccess	model:	-	scope:	eq	version:	6.0	Trust: 0.4
vendor:	advantech webaccess	model:	-	scope:	eq	version:	7.0	Trust: 0.4
vendor:	advantech webaccess	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	advantech	model:	broadwin webaccess	scope:	eq	version:	7.0	Trust: 0.3

sources: IVD: 0cd436b2-1edf-11e6-abef-000c29c66e3d // IVD: 168cdc96-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-073 // CNVD: CNVD-2014-02242 // BID: 66725 // CNNVD: CNNVD-201404-172 // JVNDB: JVNDB-2014-001977 // NVD: CVE-2014-0766

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-0766
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2014-0766
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0766
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-0766
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2014-02242
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-172
value:	HIGH
Trust: 0.6
IVD:	0cd436b2-1edf-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	168cdc96-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-68259
value:	HIGH
Trust: 0.1

ics-cert@hq.dhs.gov:	CVE-2014-0766
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.5
CNVD:	CNVD-2014-02242
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0cd436b2-1edf-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	168cdc96-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68259
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 0cd436b2-1edf-11e6-abef-000c29c66e3d // IVD: 168cdc96-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-073 // CNVD: CNVD-2014-02242 // VULHUB: VHN-68259 // CNNVD: CNNVD-201404-172 // JVNDB: JVNDB-2014-001977 // NVD: CVE-2014-0766 // NVD: CVE-2014-0766

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-121	Trust: 1.0

sources: VULHUB: VHN-68259 // JVNDB: JVNDB-2014-001977 // NVD: CVE-2014-0766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-172

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: 0cd436b2-1edf-11e6-abef-000c29c66e3d // IVD: 168cdc96-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-172

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001977

PATCH

title:	Advantech WebAccess	url:	http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx	Trust: 0.8
title:	Downloads ::: WebAccess Software	url:	http://webaccess.advantech.com/downloads.php?item=software	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03	Trust: 0.7
title:	Advantech WebAccess odeName2 parameter handles patch buffer overflow vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/44777	Trust: 0.6
title:	AdvantechWebAccessCHNNode_2014.03.03_3.3.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49251	Trust: 0.6

sources: ZDI: ZDI-14-073 // CNVD: CNVD-2014-02242 // CNNVD: CNNVD-201404-172 // JVNDB: JVNDB-2014-001977

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0766	Trust: 4.5
db:	ICS CERT	id:	ICSA-14-079-03	Trust: 3.1
db:	BID	id:	66725	Trust: 2.0
db:	CNNVD	id:	CNNVD-201404-172	Trust: 1.1
db:	CNVD	id:	CNVD-2014-02242	Trust: 1.0
db:	BID	id:	66740	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001977	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2011	Trust: 0.7
db:	ZDI	id:	ZDI-14-073	Trust: 0.7
db:	OSVDB	id:	105565	Trust: 0.6
db:	SECUNIA	id:	57873	Trust: 0.6
db:	IVD	id:	0CD436B2-1EDF-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	168CDC96-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SEEBUG	id:	SSVID-62177	Trust: 0.1
db:	VULHUB	id:	VHN-68259	Trust: 0.1

sources: IVD: 0cd436b2-1edf-11e6-abef-000c29c66e3d // IVD: 168cdc96-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-073 // CNVD: CNVD-2014-02242 // VULHUB: VHN-68259 // BID: 66725 // CNNVD: CNNVD-201404-172 // JVNDB: JVNDB-2014-001977 // NVD: CVE-2014-0766

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-079-03	Trust: 3.8
url:	http://www.securityfocus.com/bid/66725	Trust: 1.1
url:	http://www.securityfocus.com/bid/66740	Trust: 1.0
url:	http://webaccess.advantech.com/	Trust: 1.0
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0766	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0766	Trust: 0.8
url:	http://osvdb.com/show/osvdb/105565	Trust: 0.6
url:	http://secunia.com/advisories/57873	Trust: 0.6

sources: ZDI: ZDI-14-073 // CNVD: CNVD-2014-02242 // VULHUB: VHN-68259 // CNNVD: CNNVD-201404-172 // JVNDB: JVNDB-2014-001977 // NVD: CVE-2014-0766

CREDITS

Tom Gallagher

Trust: 0.7

sources: ZDI: ZDI-14-073

SOURCES

db:	IVD	id:	0cd436b2-1edf-11e6-abef-000c29c66e3d
db:	IVD	id:	168cdc96-2352-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-14-073
db:	CNVD	id:	CNVD-2014-02242
db:	VULHUB	id:	VHN-68259
db:	BID	id:	66725
db:	CNNVD	id:	CNNVD-201404-172
db:	JVNDB	id:	JVNDB-2014-001977
db:	NVD	id:	CVE-2014-0766

LAST UPDATE DATE

2025-09-21T23:04:14.009000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-073	date:	2014-04-10T00:00:00
db:	CNVD	id:	CNVD-2014-02242	date:	2014-04-11T00:00:00
db:	VULHUB	id:	VHN-68259	date:	2015-07-09T00:00:00
db:	BID	id:	66725	date:	2014-04-17T00:40:00
db:	CNNVD	id:	CNNVD-201404-172	date:	2014-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001977	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-0766	date:	2025-09-19T20:15:37

SOURCES RELEASE DATE

db:	IVD	id:	0cd436b2-1edf-11e6-abef-000c29c66e3d	date:	2014-04-11T00:00:00
db:	IVD	id:	168cdc96-2352-11e6-abef-000c29c66e3d	date:	2014-04-11T00:00:00
db:	ZDI	id:	ZDI-14-073	date:	2014-04-10T00:00:00
db:	CNVD	id:	CNVD-2014-02242	date:	2014-04-11T00:00:00
db:	VULHUB	id:	VHN-68259	date:	2014-04-12T00:00:00
db:	BID	id:	66725	date:	2014-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201404-172	date:	2014-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001977	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-0766	date:	2014-04-12T04:37:31.533