Skip to main content

Webaccess CVE-2014-9208

CRITICAL
Buffer Overflow (CWE-119)
2015-09-11 ics-cert@hq.dhs.gov
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Sep 11, 2015 - 16:59 cve.org
CRITICAL 10.0

DescriptionCVE.org

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.

AnalysisAI

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. Affected products include: Advantech Webaccess. Version information: before 8.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-0854 CRITICAL POC
9.8 Jan 15

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess

CVE-2016-0856 CRITICAL
9.8 Jan 15

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code

CVE-2017-14016 MEDIUM POC
6.3 Nov 06

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated medium

CVE-2016-5810 MEDIUM POC
4.9 May 02

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive

CVE-2019-3951 CRITICAL POC
9.8 Dec 12

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of

CVE-2019-3975 CRITICAL POC
9.8 Sep 10

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3954 CRITICAL POC
9.8 Jun 19

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3953 CRITICAL POC
9.8 Jun 18

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2018-6911 CRITICAL POC
9.8 Feb 13

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS

CVE-2018-15704 HIGH POC
8.8 Oct 22

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. Rated high severity (CVSS 8.

CVE-2019-3941 HIGH POC
7.5 Apr 09

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Rated

CVE-2017-12698 CRITICAL
9.8 Aug 30

An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated critical s

Share

CVE-2014-9208 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy