CVE-2014-2364

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/68714	Exploit
http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html	Exploit

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:advantech:advantech_webaccess:7.0:::::::*
	cpe:2.3:a:advantech:advantech_webaccess:6.0:::::::*
	cpe:2.3:a:advantech:advantech_webaccess:5.0:::::::*
	cpe:2.3:a:advantech:advantech_webaccess::::::::

Information

Published : 2014-07-18 22:09

Updated : 2015-08-11 07:38

NVD link : CVE-2014-2364

Mitre link : CVE-2014-2364

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

advantech

advantech_webaccess

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/68714", "name": "68714", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html", "name": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html", "tags": ["Exploit"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-2364", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-07-19T05:09Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-08-11T14:38Z"}