Details of VAR-201404-0548

ID

VAR-201404-0548

CVE

CVE-2014-0773

TITLE

Advantech WebAccess bwocxrun.ocx CreateProcess Method Remote Command Execution Vulnerability

Trust: 1.2

sources: IVD: 704a2dd2-1edf-11e6-abef-000c29c66e3d // IVD: 16b76f4c-2352-11e6-abef-000c29c66e3d // IVD: 7d7bcc5f-463f-11e9-aa10-000c29342cb1 // CNVD: CNVD-2014-02268

DESCRIPTION

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The validation can be bypassed allowing for running arbitrary command lines. The command line can specify running remote files (example: UNC command line). A function exists at offset 100019B0 of bwocxrun.ocx. Inside this function, there are 3 calls to strstr to check the contents of the user specified command line. If “\setup.exe,” “\bwvbprt.exe,” or “\bwvbprtl.exe” are contained in the command line (strstr returns nonzero value), the command line passes validation and is then passed to CreateProcessA. Advantech WebAccess of bwocxrun.ocx Inside BWOCXRUN.BwocxrunCtrl.1 ActiveX Control CreateProcess Method from any pathname (1) setup.exe , (2) bwvbprt.exe ,and (3) bwvbprtl.exe A vulnerability exists that allows program execution. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlFrom an arbitrary path name via a crafted argument by a third party (1) setup.exe , (2) bwvbprt.exe ,and (3) bwvbprtl.exe The program may be executed. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx. The control exposes a scriptable method 'CreateProcess'. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment

Trust: 3.69

sources: NVD: CVE-2014-0773 // JVNDB: JVNDB-2014-001983 // ZDI: ZDI-14-139 // CNVD: CNVD-2014-02268 // BID: 66742 // IVD: 704a2dd2-1edf-11e6-abef-000c29c66e3d // IVD: 16b76f4c-2352-11e6-abef-000c29c66e3d // IVD: 7d7bcc5f-463f-11e9-aa10-000c29342cb1 // VULHUB: VHN-68266

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 704a2dd2-1edf-11e6-abef-000c29c66e3d // IVD: 16b76f4c-2352-11e6-abef-000c29c66e3d // IVD: 7d7bcc5f-463f-11e9-aa10-000c29342cb1 // CNVD: CNVD-2014-02268

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	eq	version:	5.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	6.0	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.1	Trust: 1.2
vendor:	advantech	model:	webaccess	scope:	lte	version:	7.1	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lt	version:	7.2	Trust: 0.8
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech webaccess	model:	-	scope:	eq	version:	5.0	Trust: 0.6
vendor:	advantech webaccess	model:	-	scope:	eq	version:	6.0	Trust: 0.6
vendor:	advantech webaccess	model:	-	scope:	eq	version:	7.0	Trust: 0.6
vendor:	advantech webaccess	model:	-	scope:	eq	version:	*	Trust: 0.6

sources: IVD: 704a2dd2-1edf-11e6-abef-000c29c66e3d // IVD: 16b76f4c-2352-11e6-abef-000c29c66e3d // IVD: 7d7bcc5f-463f-11e9-aa10-000c29342cb1 // ZDI: ZDI-14-139 // CNVD: CNVD-2014-02268 // CNNVD: CNNVD-201404-178 // JVNDB: JVNDB-2014-001983 // NVD: CVE-2014-0773

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-0773
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2014-0773
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0773
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-0773
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2014-02268
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-178
value:	HIGH
Trust: 0.6
IVD:	704a2dd2-1edf-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	16b76f4c-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	7d7bcc5f-463f-11e9-aa10-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-68266
value:	HIGH
Trust: 0.1

ics-cert@hq.dhs.gov:	CVE-2014-0773
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.5
CNVD:	CNVD-2014-02268
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	704a2dd2-1edf-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	16b76f4c-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d7bcc5f-463f-11e9-aa10-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68266
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 704a2dd2-1edf-11e6-abef-000c29c66e3d // IVD: 16b76f4c-2352-11e6-abef-000c29c66e3d // IVD: 7d7bcc5f-463f-11e9-aa10-000c29342cb1 // ZDI: ZDI-14-139 // CNVD: CNVD-2014-02268 // VULHUB: VHN-68266 // CNNVD: CNNVD-201404-178 // JVNDB: JVNDB-2014-001983 // NVD: CVE-2014-0773 // NVD: CVE-2014-0773

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-001983 // NVD: CVE-2014-0773

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-178

TYPE

Command injection

Trust: 0.6

sources: IVD: 704a2dd2-1edf-11e6-abef-000c29c66e3d // IVD: 16b76f4c-2352-11e6-abef-000c29c66e3d // IVD: 7d7bcc5f-463f-11e9-aa10-000c29342cb1

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001983

PATCH

title:	Downloads ::: WebAccess Software	url:	http://webaccess.advantech.com/downloads.php?item=software	Trust: 0.8
title:	Advantech WebAccess	url:	http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03	Trust: 0.7
title:	Advantech WebAccess bwocxrun.ocx CreateProcess method remote command execution vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/44791	Trust: 0.6

sources: ZDI: ZDI-14-139 // CNVD: CNVD-2014-02268 // JVNDB: JVNDB-2014-001983

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0773	Trust: 4.7
db:	ICS CERT	id:	ICSA-14-079-03	Trust: 3.1
db:	CNNVD	id:	CNNVD-201404-178	Trust: 1.3
db:	CNVD	id:	CNVD-2014-02268	Trust: 1.2
db:	BID	id:	66742	Trust: 1.0
db:	BID	id:	66740	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001983	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2095	Trust: 0.7
db:	ZDI	id:	ZDI-14-139	Trust: 0.7
db:	OSVDB	id:	105571	Trust: 0.6
db:	SECUNIA	id:	57873	Trust: 0.6
db:	IVD	id:	704A2DD2-1EDF-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	16B76F4C-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D7BCC5F-463F-11E9-AA10-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-68266	Trust: 0.1

sources: IVD: 704a2dd2-1edf-11e6-abef-000c29c66e3d // IVD: 16b76f4c-2352-11e6-abef-000c29c66e3d // IVD: 7d7bcc5f-463f-11e9-aa10-000c29342cb1 // ZDI: ZDI-14-139 // CNVD: CNVD-2014-02268 // VULHUB: VHN-68266 // BID: 66742 // CNNVD: CNNVD-201404-178 // JVNDB: JVNDB-2014-001983 // NVD: CVE-2014-0773

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-079-03	Trust: 3.8
url:	http://www.securityfocus.com/bid/66740	Trust: 1.0
url:	http://webaccess.advantech.com/	Trust: 1.0
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0773	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0773	Trust: 0.8
url:	http://osvdb.com/show/osvdb/105571	Trust: 0.6
url:	http://secunia.com/advisories/57873	Trust: 0.6

sources: ZDI: ZDI-14-139 // CNVD: CNVD-2014-02268 // VULHUB: VHN-68266 // CNNVD: CNNVD-201404-178 // JVNDB: JVNDB-2014-001983 // NVD: CVE-2014-0773

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-14-139

SOURCES

db:	IVD	id:	704a2dd2-1edf-11e6-abef-000c29c66e3d
db:	IVD	id:	16b76f4c-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	7d7bcc5f-463f-11e9-aa10-000c29342cb1
db:	ZDI	id:	ZDI-14-139
db:	CNVD	id:	CNVD-2014-02268
db:	VULHUB	id:	VHN-68266
db:	BID	id:	66742
db:	CNNVD	id:	CNNVD-201404-178
db:	JVNDB	id:	JVNDB-2014-001983
db:	NVD	id:	CVE-2014-0773

LAST UPDATE DATE

2025-09-21T23:04:14.061000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-139	date:	2014-05-19T00:00:00
db:	CNVD	id:	CNVD-2014-02268	date:	2014-04-11T00:00:00
db:	VULHUB	id:	VHN-68266	date:	2014-04-14T00:00:00
db:	BID	id:	66742	date:	2014-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201404-178	date:	2014-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-001983	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-0773	date:	2025-09-19T20:15:38.027

SOURCES RELEASE DATE

db:	IVD	id:	704a2dd2-1edf-11e6-abef-000c29c66e3d	date:	2014-04-11T00:00:00
db:	IVD	id:	16b76f4c-2352-11e6-abef-000c29c66e3d	date:	2014-04-11T00:00:00
db:	IVD	id:	7d7bcc5f-463f-11e9-aa10-000c29342cb1	date:	2014-04-11T00:00:00
db:	ZDI	id:	ZDI-14-139	date:	2014-05-19T00:00:00
db:	CNVD	id:	CNVD-2014-02268	date:	2014-04-11T00:00:00
db:	VULHUB	id:	VHN-68266	date:	2014-04-12T00:00:00
db:	BID	id:	66742	date:	2014-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201404-178	date:	2014-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-001983	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-0773	date:	2014-04-12T04:37:31.707