CVE-2014-0768

EPSS 1.18%
Published 12.04.2014 04:37:31
Last modified 19.09.2025 20:15:37
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

An attacker may pass an overly long value from the AccessCode2 argument 
to the control to overflow the static stack buffer. The attacker may 
then remotely execute arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

Advantech ≫ Advantech Webaccess Version <= 7.1

Advantech ≫ Advantech Webaccess Version5.0

Advantech ≫ Advantech Webaccess Version6.0

Advantech ≫ Advantech Webaccess Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.18%	0.78

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
ics-cert@hq.dhs.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/66740

http://www.securityfocus.com/bid/66732

http://webaccess.advantech.com/

https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03

https://nvd.nist.gov/vuln/detail/CVE-2014-0768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0768

EUVD