← back
CVE-2014-2364

Advantech WebAccess Stack-Based Buffer Overflow

CVSS 7.5 EPSS 61.4%CWE-121
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products
Advantech · WebAccess
public PoCs found2
cve_referencepacketstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.htmlunverifiedexploitdbwww.exploit-db.com/exploits/34757unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.htmlhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02http://webaccess.advantech.com/http://www.securityfocus.com/bid/68714