VARIoT IoT vulnerabilities database
| VAR-201708-1580 | No CVE | Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1691 | No CVE | (0Day) Advantech WebAccess nvA1Media GetMDInterval Out-Of-Bounds Access Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1703 | No CVE | (0Day) Advantech WebAccess bwocxrun OpenUrlToBufferTimeout Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within bwocxrun.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1583 | No CVE | Advantech WebAccess TpMegaJVT setCameraName Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1586 | No CVE | Advantech WebAccess nvA1Media DeviceType 3 Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1718 | No CVE | (0Day) Eaton ELCSoft ELCSimulator Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of network TCP requests by ELCSimulator.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process.
| VAR-201708-1719 | No CVE | (0Day) Advantech WebAccess TpMegaJVT CreateSound Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1717 | No CVE | (0Day) Advantech WebAccess VideoDAQ SDFileEnum Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within VideoDAQ.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1577 | No CVE | Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D High Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The length of the data provided by the user is not verified
| VAR-201708-1695 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1696 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1699 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1702 | No CVE | (0Day) Advantech WebAccess nvA1Media SetMDInterval Out-Of-Bounds Access Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1706 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1705 | No CVE | (0Day) Advantech WebAccess TpMegaJVT Set_MD_Mode Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1712 | No CVE | (0Day) Advantech WebAccess TpMegaJVT CreateStream Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1716 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1578 | No CVE | Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1582 | No CVE | Advantech WebAccess TpMegaJVT createStream Heap Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1708 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Height Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.