Vulnerability Description
To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantech | Advantech Webaccess | <= 7.1 |
Related Weaknesses (CWE)
References
- http://webaccess.advantech.com/
- http://www.securityfocus.com/bid/66740
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03
- http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/66722
FAQ
What is CVE-2014-0765?
CVE-2014-0765 is a vulnerability with a CVSS score of 7.5 (HIGH). To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow t...
How severe is CVE-2014-0765?
CVE-2014-0765 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0765?
Check the references section above for vendor advisories and patch information. Affected products include: Advantech Advantech Webaccess.