VARIoT IoT vulnerabilities database
| VAR-201708-1715 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1704 | No CVE | (0Day) Advantech WebAccess nvA1Media Caption Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1587 | No CVE | Advantech WebAccess RtspVapgDecoderNew2 SetLangStringHex Out of Range Access Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1709 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1710 | No CVE | (0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1711 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1721 | No CVE | (0Day) Eaton ELCSoft Project File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of EPC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process.
| VAR-201708-1722 | No CVE | (0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1720 | No CVE | (0Day) Advantech WebAccess nvA1Media ExecuteURLCommand Format String Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1724 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1723 | No CVE | (0Day) Advantech WebAccess nvA1Media Contrast Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1707 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1581 | No CVE | Advantech WebAccess nvA1Media Connect MediaUsername Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1714 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 SetLangString Out-of-bounds Access Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201806-1812 | No CVE | (0Day) Advantech WebAccess ExlViewer getTemplateDetailByName template SQL Injection Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within ExlViewer.dll. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to extract information from the underlying database. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201806-1811 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack buffer overflow vulnerability exists in Advantech WebAccess. Failed exploit attempts will likely cause a denial-of-service condition
| VAR-201708-1692 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1693 | No CVE | (0Day) Advantech WebAccess nvA1Media Brightness Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1694 | No CVE | (0Day) Advantech WebAccess nvA1Media Hue Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1698 | No CVE | (0Day) Advantech WebAccess TpMegaJVT getSectionValue createStream Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.