CVSS: 6.8EPSS: 15%CPEs: 1EXPL: 0CVE-2014-0987
https://notcve.org/view.php?id=CVE-2014-0987
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro NodeName2. • http://www.securityfocus.com/bid/69532 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 15%CPEs: 1EXPL: 0CVE-2014-0985
https://notcve.org/view.php?id=CVE-2014-0985
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro NodeName. • http://www.securityfocus.com/bid/69529 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 15%CPEs: 1EXPL: 0CVE-2014-0990
https://notcve.org/view.php?id=CVE-2014-0990
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro UserName. • http://www.securityfocus.com/bid/69535 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 32%CPEs: 4EXPL: 3CVE-2014-2364 – Advantech WebAccess dvs.ocx ServerResponse Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2364
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. Múltiples desbordamientos de buffer basado en pila en Advantech WebAccess anterior a 7.2 permiten a atacantes remotos ejecutar código arbitrarios a través de una cadena larga en el parámetro (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud o (11) IPAddress en un control ActiveX en (a) webvact.ocx, (b) dvs.ocx o (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DVC.DvcCtrl ActiveX Control in dvs.ocx. The control does not check the length of an attacker-supplied string in the ServerResponse method before copying it into a fixed length buffer on the stack. • https://www.exploit-db.com/exploits/34757 http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02 http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html http://www.securityfocus.com/bid/68714 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2365 – Advantech WebAccess Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2365
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. Vulnerabilidad no especificada en Advantech WebAccess anterior a 7.2 permite a usuarios remotos autenticados crear o eliminar ficheros arbitrarios a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gmicons.asp functionality. By providing crafted requests, an attacker is able to delete or create arbitrary files as the WebAccess service. • http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02 •