CVE-2014-2364

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
icscertCNA
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
advantechadvantech_webaccess
𝑥
≤ 7.1
advantechadvantech_webaccess
5.0
advantechadvantech_webaccess
6.0
advantechadvantech_webaccess
7.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
advantechwebaccess
𝑥
≤ 7.1
CNA
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html
http://webaccess.advantech.com/
http://www.securityfocus.com/bid/68714
https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02
http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html
http://www.securityfocus.com/bid/68714