{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WebAccess", "vendor": "Advantech", "versions": [{"lessThanOrEqual": "7.1", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "7.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others"}], "datePublic": "2014-07-15T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.</p>"}], "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-06T17:52:36.174Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"}, {"name": "68714", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68714"}, {"url": "http://webaccess.advantech.com/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\">http://webaccess.advantech.com/</a></p>\n\n<br>"}], "value": "Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:\n\n\n http://webaccess.advantech.com/"}], "source": {"advisory": "ICSA-14-198-02", "discovery": "EXTERNAL"}, "title": "Advantech WebAccess Stack-Based Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}, {"name": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"}, {"name": "68714", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68714"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.490Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"}, {"name": "68714", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68714"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2364", "datePublished": "2014-07-19T01:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-06T17:52:36.174Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D097D1E-9A02-40B0-93BD-163A11638118", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "090C819C-5964-4158-80E6-2D4751A5E8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CF61F9C-360A-4B70-951D-8EE9CF6E55FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1082E1D5-AF49-431F-9172-98C2D2887C96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer basado en pila en Advantech WebAccess anterior a 7.2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrarios a trav\u00e9s de una cadena larga en el par\u00e1metro (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud o (11) IPAddress en un control ActiveX en (a) webvact.ocx, (b) dvs.ocx o (c) webdact.ocx."}], "id": "CVE-2014-2364", "lastModified": "2025-10-06T18:15:47.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-19T05:09:27.563", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://webaccess.advantech.com/"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/68714"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/68714"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}