CVE-2014-0765

Advantech WebAccess Stack-based Buffer Overflow

CVSS 7.5 EPSS 2.7%CWE-121

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.

AV:N/AC:L/Au:N/C:P/I:P/A:P

Produtos afetados

Advantech · WebAccess

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03 https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03 http://webaccess.advantech.com/http://www.securityfocus.com/bid/66722 http://www.securityfocus.com/bid/66740