{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "WebAccess", "vendor": "Advantech", "versions": [ { "lessThanOrEqual": "7.1", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "7.2" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP’s Zero Day Initiative (ZDI)" } ], "datePublic": "2014-04-08T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
\nAn attacker using SQL injection may use arguments to construct queries \nwithout proper sanitization. The DBVisitor.dll is exposed through SOAP \ninterfaces, and the exposed functions are vulnerable to SOAP injection. \nThis may allow unexpected SQL action and access to records in the table \nof the software database or execution of arbitrary code.\n\n
" } ], "value": "An attacker using SQL injection may use arguments to construct queries \nwithout proper sanitization. The DBVisitor.dll is exposed through SOAP \ninterfaces, and the exposed functions are vulnerable to SOAP injection. \nThis may allow unexpected SQL action and access to records in the table \nof the software database or execution of arbitrary code." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-19T19:06:29.062Z" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03" }, { "name": "66740", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66740" }, { "url": "http://webaccess.advantech.com/" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site: http://webaccess.advantech.com/downloads.php?item=software
For additional information about WebAccess, please visit the following Advantech web site: http://webaccess.advantech.com/
\n\n