{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WebAccess", "vendor": "Advantech", "versions": [{"lessThanOrEqual": "7.1", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "7.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP\u2019s Zero Day Initiative (ZDI)"}], "datePublic": "2014-04-08T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n\n\n\n\n\n\n\n</p><p></p>\n<p></p>\n<p>The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n\u201cCreateProcess.\u201d This method contains validation to ensure an attacker \ncannot run arbitrary command lines. After validation, the values \nsupplied in the HTML are passed to the Windows CreateProcessA API.</p>\n<p>The validation can be bypassed allowing for running arbitrary command\n lines. The command line can specify running remote files (example: UNC \ncommand line).</p>\n<p>A function exists at offset 100019B0 of bwocxrun.ocx. Inside this \nfunction, there are 3 calls to strstr to check the contents of the user \nspecified command line. If \u201c\\setup.exe,\u201d \u201c\\bwvbprt.exe,\u201d or \n\u201c\\bwvbprtl.exe\u201d are contained in the command line (strstr returns \nnonzero value), the command line passes validation and is then passed to\n CreateProcessA.</p>\n\n<p></p>\n\n<p></p>\n\n<p></p>"}], "value": "The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n\u201cCreateProcess.\u201d This method contains validation to ensure an attacker \ncannot run arbitrary command lines. After validation, the values \nsupplied in the HTML are passed to the Windows CreateProcessA API.\n\n\nThe validation can be bypassed allowing for running arbitrary command\n lines. The command line can specify running remote files (example: UNC \ncommand line).\n\n\nA function exists at offset 100019B0 of bwocxrun.ocx. Inside this \nfunction, there are 3 calls to strstr to check the contents of the user \nspecified command line. If \u201c\\setup.exe,\u201d \u201c\\bwvbprt.exe,\u201d or \n\u201c\\bwvbprtl.exe\u201d are contained in the command line (strstr returns \nnonzero value), the command line passes validation and is then passed to\n CreateProcessA."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-19T19:18:06.695Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"}, {"name": "66740", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66740"}, {"url": "http://webaccess.advantech.com/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/downloads.php?item=software\">http://webaccess.advantech.com/downloads.php?item=software</a></p><p>For additional information about WebAccess, please visit the following Advantech web site:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\">http://webaccess.advantech.com/</a></p>\n\n<br>"}], "value": "Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u00a0 http://webaccess.advantech.com/downloads.php?item=software \n\nFor additional information about WebAccess, please visit the following Advantech web site:\u00a0 http://webaccess.advantech.com/"}], "source": {"advisory": "ICSA-14-079-03", "discovery": "EXTERNAL"}, "title": "Advantech WebAccess Command Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0763", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"}, {"name": "66740", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66740"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.486Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0773", "datePublished": "2014-04-12T01:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-09-19T19:18:06.695Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D097D1E-9A02-40B0-93BD-163A11638118", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "090C819C-5964-4158-80E6-2D4751A5E8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CF61F9C-360A-4B70-951D-8EE9CF6E55FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1082E1D5-AF49-431F-9172-98C2D2887C96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n\u201cCreateProcess.\u201d This method contains validation to ensure an attacker \ncannot run arbitrary command lines. After validation, the values \nsupplied in the HTML are passed to the Windows CreateProcessA API.\n\n\nThe validation can be bypassed allowing for running arbitrary command\n lines. The command line can specify running remote files (example: UNC \ncommand line).\n\n\nA function exists at offset 100019B0 of bwocxrun.ocx. Inside this \nfunction, there are 3 calls to strstr to check the contents of the user \nspecified command line. If \u201c\\setup.exe,\u201d \u201c\\bwvbprt.exe,\u201d or \n\u201c\\bwvbprtl.exe\u201d are contained in the command line (strstr returns \nnonzero value), the command line passes validation and is then passed to\n CreateProcessA."}, {"lang": "es", "value": "El m\u00e9todo CreateProcess en el control BWOCXRUN.BwocxrunCtrl.1 ActiveX en bwocxrun.ocx en Advantech WebAccess anterior a 7.2 permite a atacantes remotos ejecutar programas (1) setup.exe, (2) bwvbprt.exe y (3) bwvbprtl.exe de nombres de rutas arbitrarios a trav\u00e9s de un argumento manipulado, tal y como fue demostrado por un nombre de ruta compartida UNC."}], "evaluatorComment": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "id": "CVE-2014-0773", "lastModified": "2025-09-19T20:15:38.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-12T04:37:31.707", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://webaccess.advantech.com/"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://www.securityfocus.com/bid/66740"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}