CVE-2014-0770
Advantech WebAccess < 7.1 - Remote Code Execution via UserName Parameter Buffer Overflow
Title source: llmDescription
By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.
References (4)
Core 4
Core References
Various Sources
http://webaccess.advantech.com/
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66740
Scores
EPSS
0.0108
EPSS Percentile
78.1%
Details
CWE
CWE-119
CWE-121
Status
published
Products (6)
advantech/advantech_webaccess
5.0
advantech/advantech_webaccess
6.0
advantech/advantech_webaccess
7.0
advantech/advantech_webaccess
< 7.1
Advantech/WebAccess
< 7.1
Advantech/WebAccess
7.2
Published
Apr 12, 2014
Tracked Since
Feb 18, 2026