{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WebAccess", "vendor": "Advantech", "versions": [{"lessThanOrEqual": "7.1", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "7.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others"}], "datePublic": "2014-07-15T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n\nupAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.\n\n</p>"}], "value": "upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-316", "description": "CWE-316", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-06T17:50:01.014Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"}, {"name": "68714", "url": "http://webaccess.advantech.com/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\">http://webaccess.advantech.com/</a></p>\n\n<br>"}], "value": "Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:\n\n\n http://webaccess.advantech.com/"}], "source": {"advisory": "ICSA-14-198-02", "discovery": "EXTERNAL"}, "title": "Advantech WebAccess Cleartext Storage of Sensitive Information in Memory", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}, {"name": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"}, {"name": "68714", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68714"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.244Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2366", "datePublished": "2014-07-19T01:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-06T17:50:01.014Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D097D1E-9A02-40B0-93BD-163A11638118", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "090C819C-5964-4158-80E6-2D4751A5E8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CF61F9C-360A-4B70-951D-8EE9CF6E55FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1082E1D5-AF49-431F-9172-98C2D2887C96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code."}, {"lang": "es", "value": "upAdminPg.asp en Advantech WebAccess anterior a 7.2 permite a usuarios remotos autenticados descubrir credenciales mediante la lectura del c\u00f3digo fuente HTML."}], "id": "CVE-2014-2366", "lastModified": "2025-10-06T18:15:48.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-19T05:09:27.673", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://webaccess.advantech.com/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-316"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}