CVE-2014-0765
published 2014-04-12CVE-2014-0765: To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.67%
83.9th percentile
To exploit this vulnerability, the attacker sends data from the GotoCmd
argument to control. If the value of the argument is overly long, the
static stack buffer can be overflowed. This will allow the attacker to
execute arbitrary code remotely.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_webaccess | <= 7.1 | — |
| advantech | advantech_webaccess | — | — |
| advantech | advantech_webaccess | — | — |
| advantech | advantech_webaccess | — | — |
| advantech | webaccess | <= 7.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rj4r-c32h-gm33: Stack-based buffer overflow in Advantech WebAccess before 7
ghsa_unreviewed·2022-05-17
CVE-2014-0765 [HIGH] CWE-119 GHSA-rj4r-c32h-gm33: Stack-based buffer overflow in Advantech WebAccess before 7
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument.
CISA ICS
Advantech WebAccess Vulnerabilities
cisa_ics·2018-09-06
Advantech WebAccess Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-079-03
## OVERVIEW
This advisory is a follow-up to the original advisory titled “ICSA-14-079-03P Advantech WebAccess Vulnerabilities” that was posted to the US-CERT secure Portal library March 20, 2014.
Researchers working with HP’s Zero Day Initiative (ZDI), Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher, have identified several vulnerabilities in Advantech’s WebAccess application. ZDI reported them to NCCIC/ICS‑CERT. Advantech has produced a new version tha
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-04-12
Published