CVE-2014-0763

Advantech WebAccess < 7.1 - SQL Injection via DBVisitor.dll SOAP Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0763. Includes Metasploit module auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in Advantech WebAccess 7.1 via the DBVisitor.dll component. It extracts usernames and password hashes by injecting malicious SQL queries into the ChartThemeConfig web service.

Description

An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in the table of the software database or execution of arbitrary code.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in Advantech WebAccess 7.1 via the DBVisitor.dll component. It extracts usernames and password hashes by injecting malicious SQL queries into the ChartThemeConfig web service.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Advantech WebAccess 7.1

No auth needed

Prerequisites: Network access to the target WebAccess instance · ChartThemeConfig service must be accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

US Government Resource

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

Various Sources

http://webaccess.advantech.com/

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/66740

Scores

EPSS 0.5789

EPSS Percentile 98.2%

Details

CWE

CWE-89

Status published

Products (6)

advantech/advantech_webaccess 5.0

advantech/advantech_webaccess 6.0

advantech/advantech_webaccess 7.0

advantech/advantech_webaccess < 7.1

Advantech/WebAccess < 7.1

Advantech/WebAccess 7.2

Published Apr 12, 2014

Tracked Since Feb 18, 2026