Skip to main content

Advantech Webaccess CVE-2012-0242

CRITICAL
Use of Externally-Controlled Format String (CWE-134)
2012-02-21 cret@cert.org
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Feb 21, 2012 - 13:31 cve.org
CRITICAL 10.0

DescriptionCVE.org

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.

AnalysisAI

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-134. Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Affected products include: Advantech Advantech Webaccess. Version information: before 7.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-0763 HIGH POC
7.5 Apr 12

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity

CVE-2014-2364 HIGH POC
7.5 Jul 19

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code

CVE-2012-0241 MEDIUM POC
5.0 Feb 21

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a m

CVE-2012-0243 CRITICAL
10.0 Feb 21

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers

CVE-2012-0238 CRITICAL
10.0 Feb 21

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute

CVE-2012-0240 CRITICAL
10.0 Feb 21

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remo

CVE-2014-2366 CRITICAL
9.0 Jul 19

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTM

CVE-2014-0768 HIGH
7.5 Apr 12

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buff

CVE-2014-0767 HIGH
7.5 Apr 12

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control.

CVE-2014-0766 HIGH
7.5 Apr 12

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer o

CVE-2014-0765 HIGH
7.5 Apr 12

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7

CVE-2014-0764 HIGH
7.5 Apr 12

By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffe

Share

CVE-2012-0242 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy