CVE-2014-2364

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*
cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*
cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*
cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-07-19 05:09

Updated : 2024-02-04 18:35


NVD link : CVE-2014-2364

Mitre link : CVE-2014-2364

CVE.ORG link : CVE-2014-2364


JSON object : View

Products Affected

advantech

  • advantech_webaccess
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer