Unrated severityNVD Advisory· Published Apr 12, 2014· Updated May 6, 2026

CVE-2014-0763

Description

An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in the table of the software database or execution of arbitrary code.

Affected products

Advantech/Advantech Webaccess4 versions
cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*range: <=7.1
- cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*
Advantech/WebAccessv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ics-cert.us-cert.gov/advisories/ICSA-14-079-03nvdUS Government Resource
webaccess.advantech.comnvd
www.securityfocus.com/bid/66740nvd
www.cisa.gov/news-events/ics-advisories/icsa-14-079-03nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.046
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000