CVE-2014-0773
published 2014-04-12CVE-2014-0773: The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.52%
82.9th percentile
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“CreateProcess.” This method contains validation to ensure an attacker
cannot run arbitrary command lines. After validation, the values
supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed allowing for running arbitrary command
lines. The command line can specify running remote files (example: UNC
command line).
A function exists at offset 100019B0 of bwocxrun.ocx. Inside this
function, there are 3 calls to strstr to check the contents of the user
specified command line. If “\setup.exe,” “\bwvbprt.exe,” or
“\bwvbprtl.exe” are contained in the command line (strstr returns
nonzero value), the command line passes validation and is then passed to
CreateProcessA.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_webaccess | <= 7.1 | — |
| advantech | advantech_webaccess | — | — |
| advantech | advantech_webaccess | — | — |
| advantech | advantech_webaccess | — | — |
| advantech | webaccess | <= 7.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wc8h-x86j-g2mp: The CreateProcess method in the BWOCXRUN
ghsa_unreviewed·2022-05-17
CVE-2014-0773 [HIGH] CWE-77 GHSA-wc8h-x86j-g2mp: The CreateProcess method in the BWOCXRUN
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.
CISA ICS
Advantech WebAccess Vulnerabilities
cisa_ics·2018-09-06
Advantech WebAccess Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-079-03
## OVERVIEW
This advisory is a follow-up to the original advisory titled “ICSA-14-079-03P Advantech WebAccess Vulnerabilities” that was posted to the US-CERT secure Portal library March 20, 2014.
Researchers working with HP’s Zero Day Initiative (ZDI), Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher, have identified several vulnerabilities in Advantech’s WebAccess application. ZDI reported them to NCCIC/ICS‑CERT. Advantech has produced a new version tha
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-04-12
Published