Advantech Webaccess
CVE-2014-0773
HIGH
Severity by source
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed allowing for running arbitrary command lines. The command line can specify running remote files (example: UNC command line).
A function exists at offset 100019B0 of bwocxrun.ocx. Inside this function, there are 3 calls to strstr to check the contents of the user specified command line. If “\setup.exe,” “\bwvbprt.exe,” or “\bwvbprtl.exe” are contained in the command line (strstr returns nonzero value), the command line passes validation and is then passed to CreateProcessA.
AnalysisAI
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The validation can be bypassed allowing for running arbitrary command lines. The command line can specify running remote files (example: UNC command line). A function exists at offset 100019B0 of bwocxrun.ocx. Inside this function, there are 3 calls to strstr to check the contents of the user specified command line. If “\setup.exe,” “\bwvbprt.exe,” or “\bwvbprtl.exe” are contained in the command line (strstr returns nonzero value), the command line passes validation and is then passed to CreateProcessA. Affected products include: Advantech Advantech Webaccess.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Advantech Webaccess
View allAn attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a m
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remo
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTM
An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buff
An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control.
An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer o
To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today