CVE-2014-0763

{"id": "CVE-2014-0763", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-12T04:37:31.440", "references": [{"url": "http://webaccess.advantech.com/", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/66740", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/66740", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An attacker using SQL injection may use arguments to construct queries \nwithout proper sanitization. The DBVisitor.dll is exposed through SOAP \ninterfaces, and the exposed functions are vulnerable to SOAP injection. \nThis may allow unexpected SQL action and access to records in the table \nof the software database or execution of arbitrary code."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en DBVisitor.dll en Advantech WebAccess anterior a 7.2 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de solicitudes SOAP hacia funciones no especificadas."}], "lastModified": "2025-09-19T19:15:37.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D097D1E-9A02-40B0-93BD-163A11638118", "versionEndIncluding": "7.1"}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "090C819C-5964-4158-80E6-2D4751A5E8BF"}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CF61F9C-360A-4B70-951D-8EE9CF6E55FA"}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1082E1D5-AF49-431F-9172-98C2D2887C96"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}