CVE-2014-0773
Summary
| CVE | CVE-2014-0773 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-04-12 04:37:00 UTC |
| Updated | 2014-04-14 17:56:00 UTC |
| Description | The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Advantech | Advantech Webaccess | 5.0 | All | All | All |
| Application | Advantech | Advantech Webaccess | 6.0 | All | All | All |
| Application | Advantech | Advantech Webaccess | 7.0 | All | All | All |
| Application | Advantech | Advantech Webaccess | 5.0 | All | All | All |
| Application | Advantech | Advantech Webaccess | 6.0 | All | All | All |
| Application | Advantech | Advantech Webaccess | 7.0 | All | All | All |
| Application | Advantech | Advantech Webaccess | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Advantech WebAccess Vulnerabilities | ICS-CERT | MISC | ics-cert.us-cert.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.