CVE-2014-0768 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2014-0768?

CVE-2014-0768 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.

Q: How severe is CVE-2014-0768?

CVE-2014-0768 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0768?

Check the references section above for vendor advisories and patch information. Affected products include: Advantech Advantech Webaccess.

Vulnerability Description

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Advantech	Advantech Webaccess	<= 7.1

Related Weaknesses (CWE)

CWE-121 CWE-119

References

http://webaccess.advantech.com/
http://www.securityfocus.com/bid/66740
https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/66732

FAQ

What is CVE-2014-0768?

CVE-2014-0768 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.

How severe is CVE-2014-0768?

CVE-2014-0768 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0768?

Check the references section above for vendor advisories and patch information. Affected products include: Advantech Advantech Webaccess.