mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
99 lines
3.3 KiB
JSON
99 lines
3.3 KiB
JSON
{
|
|
"id": "CVE-2014-0773",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2014-04-12T04:37:31.707",
|
|
"lastModified": "2014-04-14T17:56:26.973",
|
|
"vulnStatus": "Analyzed",
|
|
"evaluatorComment": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El m\u00e9todo CreateProcess en el control BWOCXRUN.BwocxrunCtrl.1 ActiveX en bwocxrun.ocx en Advantech WebAccess anterior a 7.2 permite a atacantes remotos ejecutar programas (1) setup.exe, (2) bwvbprt.exe y (3) bwvbprtl.exe de nombres de rutas arbitrarios a trav\u00e9s de un argumento manipulado, tal y como fue demostrado por un nombre de ruta compartida UNC."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "7.1",
|
|
"matchCriteriaId": "3D097D1E-9A02-40B0-93BD-163A11638118"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "090C819C-5964-4158-80E6-2D4751A5E8BF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7CF61F9C-360A-4B70-951D-8EE9CF6E55FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1082E1D5-AF49-431F-9172-98C2D2887C96"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |