← volver
CVE-2014-2364

Advantech WebAccess Stack-Based Buffer Overflow

CVSS 7.5 EPSS 61.4%CWE-121
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
AV:N/AC:L/Au:N/C:P/I:P/A:P
Productos afectados
Advantech · WebAccess
PoCs públicas encontradas2
cve_referencepacketstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.htmlno verificadoexploitdbwww.exploit-db.com/exploits/34757no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.htmlhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02http://webaccess.advantech.com/http://www.securityfocus.com/bid/68714