CVE-2014-0764

EPSS 1.18%
Published 12.04.2014 04:37:31
Last modified 19.09.2025 19:15:37
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

By providing an overly long string to the NodeName parameter, an 
attacker may be able to overflow the static stack buffer. The attacker 
may then execute code on the target device remotely.

Affected products Warnungen 0 Metrics 3 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

Advantech ≫ Advantech Webaccess Version <= 7.1

Advantech ≫ Advantech Webaccess Version5.0

Advantech ≫ Advantech Webaccess Version6.0

Advantech ≫ Advantech Webaccess Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.18%	0.78

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
ics-cert@hq.dhs.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/66740

http://www.securityfocus.com/bid/66718

http://webaccess.advantech.com/

https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03

https://nvd.nist.gov/vuln/detail/CVE-2014-0764

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0764

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0764

EUVD