CVE-2014-0773 - Unspecified vulnerability in Advantech Webaccess 5.0/6.0/7.0
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Seebug
bulletinFamily | exploit |
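description | CVE ID: CVE-2014-0773 Advantech WebAccess HMI/SCADA is an HMI/SCADA software package. The CreateProcess method in the Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 ActiveX control (bwocxrun.ocx) contains a security vulnerability: if the command line contains '\setup.exe', '\bwvbprt.exe' or '\bwvbprtl.exe', the method's command-execution validation can be bypassed, allowing arbitrary commands to be executed in the context of the application. 0 Advantech WebAccess 7.1 Advantech WebAccess 7.2 fixes this vulnerability; users are advised to download the update: http://webaccess.advantech.com/ |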
id | SSV:62171 |
last seen | 2017-11-19 |
modified | 2014-04-15 |
published | 2014-04-15 |
reporter | Root |
title | Advantech WebAccess bwocxrun.ocx CreateProcess Method Remote Command Execution Vulnerability |