var-201404-0548
Vulnerability from variot
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx. The control exposes a scriptable method 'CreateProcess'. An attacker can exploit a flaw in the validation code within the method to execute arbitrary commands in the context of the browser. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Attackers can exploit this issue to bypass security restrictions allowing attackers to run arbitrary command lines; this may aid in launching further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "6.0"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "5.0"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "7.0"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 1.2,
"vendor": "advantech",
"version": "7.1"
},
{
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "7.1"
},
{
"model": "webaccess",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "7.2"
},
{
"model": "webaccess",
"scope": null,
"trust": 0.7,
"vendor": "advantech",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "advantech webaccess",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "advantech webaccess",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "advantech webaccess",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "advantech webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0773"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-139"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0773",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0773",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-02268",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-68266",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0773",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-0773",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-02268",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-178",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-68266",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "VULHUB",
"id": "VHN-68266"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx. The control exposes a scriptable method \u0027CreateProcess\u0027. An attacker can exploit a flaw in the validation code within the method to execute arbitrary commands in the context of the browser. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. \nAttackers can exploit this issue to bypass security restrictions allowing attackers to run arbitrary command lines; this may aid in launching further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "BID",
"id": "66742"
},
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-68266"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0773",
"trust": 4.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-079-03",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201404-178",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-02268",
"trust": 1.2
},
{
"db": "BID",
"id": "66742",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2095",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-139",
"trust": 0.7
},
{
"db": "OSVDB",
"id": "105571",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "57873",
"trust": 0.6
},
{
"db": "IVD",
"id": "704A2DD2-1EDF-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "16B76F4C-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7BCC5F-463F-11E9-AA10-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68266",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "VULHUB",
"id": "VHN-68266"
},
{
"db": "BID",
"id": "66742"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
]
},
"id": "VAR-201404-0548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "VULHUB",
"id": "VHN-68266"
}
],
"trust": 1.73267184
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
}
]
},
"last_update_date": "2023-12-18T12:51:58.612000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads ::: WebAccess Software",
"trust": 0.8,
"url": "http://webaccess.advantech.com/downloads.php?item=software"
},
{
"title": "Advantech WebAccess",
"trust": 0.8,
"url": "http://www.advantech.co.jp/products/gf-1m94v/advantech-webaccess/mod_b975c492-56b3-4eba-8bbb-5b6d3483ee9d.aspx"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-079-03"
},
{
"title": "Advantech WebAccess bwocxrun.ocx CreateProcess method remote command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/44791"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"db": "NVD",
"id": "CVE-2014-0773"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0773"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0773"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/105571"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57873"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "VULHUB",
"id": "VHN-68266"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"db": "VULHUB",
"id": "VHN-68266"
},
{
"db": "BID",
"id": "66742"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-11T00:00:00",
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"date": "2014-04-11T00:00:00",
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-04-11T00:00:00",
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"date": "2014-05-19T00:00:00",
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"date": "2014-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"date": "2014-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-68266"
},
{
"date": "2014-04-08T00:00:00",
"db": "BID",
"id": "66742"
},
{
"date": "2014-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"date": "2014-04-12T04:37:31.707000",
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"date": "2014-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-19T00:00:00",
"db": "ZDI",
"id": "ZDI-14-139"
},
{
"date": "2014-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02268"
},
{
"date": "2014-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-68266"
},
{
"date": "2014-04-08T00:00:00",
"db": "BID",
"id": "66742"
},
{
"date": "2014-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001983"
},
{
"date": "2014-04-14T17:56:26.973000",
"db": "NVD",
"id": "CVE-2014-0773"
},
{
"date": "2014-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess bwocxrun.ocx CreateProcess Method Remote Command Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-02268"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection",
"sources": [
{
"db": "IVD",
"id": "704a2dd2-1edf-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "16b76f4c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.