Unrated severityNVD Advisory· Published Jul 19, 2014· Updated May 6, 2026

CVE-2014-2364

Description

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.

Affected products

Advantech/Advantech Webaccess4 versions
cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*range: <=7.1
- cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*
Advantech/WebAccessv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.htmlnvdExploit
www.securityfocus.com/bid/68714nvdExploit
ics-cert.us-cert.gov/advisories/ICSA-14-198-02nvdThird Party AdvisoryUS Government Resource
webaccess.advantech.comnvd
www.cisa.gov/news-events/ics-advisories/icsa-14-198-02nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.032
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000