Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable9957.PRM
HistoryFeb 14, 2017 - 12:00 a.m.

Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities

2017-02-1400:00:00
Tenable
www.tenable.com
11

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.671 Medium

EPSS

Percentile

98.0%

JSON

The installed version of Advantech WebAccess is prior to 7.2-2013.11.14 and is affected by the following vulnerabilities :

  • Multiple SQL Injection vulnerabilities exist in ‘DBVisitor.dll’ that can be exploited via specially crafted SOAP requests. (CVE-2014-0763)
  • Multiple stack-based buffer overflow conditions exist in an unspecified ActiveX control. (CVE-2014-0764, CVE-2014-0765, CVE-2014-0766, CVE-2014-0767, CVE-2014-0768)
  • The ‘NodeName’ parameter on the web interface is affected by a buffer overflow vulnerability. (CVE-2014-0770)
  • An unspecified ActiveX control contains a flaw that allows attackers to read arbitrary files. (CVE-2014-0771, CVE-2014-0772)
  • An unspecified ActiveX control contains a flaw that allows certain executable names to be run from arbitrary path names. (CVE-2014-0773)
Binary data 9957.prm
VendorProductVersionCPE
advantechadvantech_webaccesscpe:/a:advantech:advantech_webaccess

References

Related

openvas 1
nessus 2
ics 1
securityvulns 1
coresecurity 1
cvelist 10
zdi 10
seebug 9
nvd 10
cve 10
checkpoint_advisories 8
prion 10
openvas
openvas
Advantech WebAccess Multiple Vulnerabilities
2014-04-16 00:00:00
nessus
nessus
Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities
2015-08-17 00:00:00
Advantech WebAccess Multiple BWOCXRUN.OCX ActiveX Vulnerabilities
2014-04-14 00:00:00
ics
ics
Advantech WebAccess Vulnerabilities
2018-09-06 12:00:00
securityvulns
securityvulns
[CORE-2014-0005] - Advantech WebAccess Vulnerabilities
2014-10-15 00:00:00
coresecurity
coresecurity
Advantech WebAccess Vulnerabilities
2014-09-02 00:00:00
cvelist
cvelist
CVE-2014-0765
2014-04-12 01:00:00
CVE-2014-0766
2014-04-12 01:00:00
CVE-2014-0770
2014-04-12 01:00:00
zdi
zdi
Advantech WebAccess webvact.ocx GotoCmd Stack Buffer Overflow Remote Code Execution Vulnerability
2014-04-10 00:00:00
Advantech WebAccess webvact.ocx AccessCode2 Stack Buffer Overflow Remote Code Execution Vulnerability
2014-04-24 00:00:00
Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability
2014-04-10 00:00:00
seebug
seebug
Advantech WebAccess odeName2参数处理栈缓冲区溢出漏洞
2014-04-15 00:00:00
Advantech WebAccess userName参数处理栈缓冲区溢出漏洞
2014-04-15 00:00:00
Advantech WebAccess bwocxrun.ocx任意文件访问漏洞
2014-04-15 00:00:00
nvd
nvd
CVE-2014-0770
2014-04-12 04:37:31
CVE-2014-0765
2014-04-12 04:37:31
CVE-2014-0766
2014-04-12 04:37:31
cve
cve
CVE-2014-0770
2014-04-12 04:37:31
CVE-2014-0764
2014-04-12 04:37:31
CVE-2014-0763
2014-04-12 04:37:31
checkpoint_advisories
checkpoint_advisories
Advantech WebAccess SCADA webvact.ocx GotoCmd Buffer Overflow (CVE-2014-0765)
2014-07-16 00:00:00
Advantech WebAccess SCADA webvact.ocx AccessCode2 Buffer Overflow (CVE-2014-0768)
2014-06-24 00:00:00
Advantech WebAccess SCADA webvact.ocx NodeName Buffer Overflow (CVE-2014-0764)
2014-05-13 00:00:00
prion
prion
Stack overflow
2014-04-12 04:37:00
Buffer overflow
2014-04-12 04:37:00
Stack overflow
2014-04-12 04:37:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.671 Medium

EPSS

Percentile

98.0%

JSON
Related for 9957.PRM
openvas1nessus2ics1securityvulns1coresecurity1cvelist10zdi10seebug9nvd10cve10checkpoint_advisories8prion10