CVE-2014-0765

Advantech WebAccess Stack-based Buffer Overflow

CVSS 7.5 EPSS 2.7%CWE-121

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.

AV:N/AC:L/Au:N/C:P/I:P/A:P

Productos afectados

Advantech · WebAccess

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03 https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03 http://webaccess.advantech.com/http://www.securityfocus.com/bid/66722 http://www.securityfocus.com/bid/66740