CVE-2014-2365 - Vulnerability Details - OpenCVE

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Advantech	Advantech Webaccess

Configuration 1 [-]

OR	cpe:2.3:a:advantech:advantech_webaccess::::::::
	cpe:2.3:a:advantech:advantech_webaccess:5.0:::::::*
	cpe:2.3:a:advantech:advantech_webaccess:6.0:::::::*
	cpe:2.3:a:advantech:advantech_webaccess:7.0:::::::*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02
http://webaccess.advantech.com/
https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02

History

Mon, 06 Oct 2025 18:00:00 +0000

Type	Values Removed	Values Added
Title		Advantech WebAccess Improper Access Control
Weaknesses		CWE-284
References		http://webaccess.advantech.com/ https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02
Metrics	cvssV2_0 `{'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P'}`	cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-07-19T01:00:00

Updated: 2025-10-06T17:51:28.289Z

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2365

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-07-19T05:09:27.627

Modified: 2025-10-06T18:15:48.070

Link: CVE-2014-2365

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WebAccess", "vendor": "Advantech", "versions": [{"lessThanOrEqual": "7.1", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "7.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others"}], "datePublic": "2014-07-15T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n\n\nUnspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.\n\n</p>"}], "value": "Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-06T17:51:28.289Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"}, {"name": "68714", "url": "http://webaccess.advantech.com/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\">http://webaccess.advantech.com/</a></p>\n\n<br>"}], "value": "Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:\n\n\n http://webaccess.advantech.com/"}], "source": {"advisory": "ICSA-14-198-02", "discovery": "EXTERNAL"}, "title": "Advantech WebAccess Improper Access Control", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}, {"name": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"}, {"name": "68714", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68714"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.501Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2365", "datePublished": "2014-07-19T01:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-06T17:51:28.289Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D097D1E-9A02-40B0-93BD-163A11638118", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "090C819C-5964-4158-80E6-2D4751A5E8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CF61F9C-360A-4B70-951D-8EE9CF6E55FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1082E1D5-AF49-431F-9172-98C2D2887C96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Advantech WebAccess anterior a 7.2 permite a usuarios remotos autenticados crear o eliminar ficheros arbitrarios a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2014-2365", "lastModified": "2025-10-06T18:15:48.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-19T05:09:27.627", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://webaccess.advantech.com/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}