CVE-2014-0991
published 2014-09-20CVE-2014-0991: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname…
PriorityP337medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
2.57%
83.2th percentile
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_webaccess | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WebAccess Vulnerabilities
cisa_ics·2018-09-06
Advantech WebAccess Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-261-01
## OVERVIEW
Researcher Ricardo Narvaja of Core Security Technologies has identified several buffer overflow vulnerabilities in Advantech’s WebAccess application. Advantech has produced a patch that mitigates these vulnerabilities. The researcher has tested the patch to validate that it resolves the vulnerabilities. These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Advantech WebAccess versions are affected:
- WebAccess Version 7.2.
## IMPACT
An atta
GHSA
GHSA-qwjx-r4cv-gf2x: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7
ghsa_unreviewed·2022-05-17
CVE-2014-0991 [MEDIUM] CWE-119 GHSA-qwjx-r4cv-gf2x: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-09-20
Published