CVE-2014-2364
Advantech WebAccess <7.2 - RCE
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/34757
metasploit
WORKING POC
NORMAL
by Unknown, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb
Scores
EPSS
0.4019
EPSS Percentile
97.4%
Details
CWE
CWE-119
CWE-121
Status
published
Products (6)
advantech/advantech_webaccess: 5.0
advantech/advantech_webaccess: 6.0
advantech/advantech_webaccess: 7.0
advantech/advantech_webaccess: < 7.1
Advantech/WebAccess: < 7.1
Advantech/WebAccess: 7.2
Published
Jul 19, 2014
Tracked Since
Feb 18, 2026