CVE-2017-14016

MEDIUM

Advantech WebAccess <V8.2_20170817 - Buffer Overflow

Title source: llm

Description

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappswindows

https://www.exploit-db.com/exploits/43340

View Code ZIP pw:eip

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/advantech_webaccess_webvrpcs_bof.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101685

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43340/

Scores

CVSS v3 6.3

EPSS 0.1923

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE

CWE-119 CWE-121

Status published

Products (2)

advantech/webaccess < 8.2_20170817

n/a/Advantech WebAccess Advantech WebAccess

Published Nov 06, 2017

Tracked Since Feb 18, 2026