VARIoT IoT vulnerabilities database
| VAR-201708-1706 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1705 | No CVE | (0Day) Advantech WebAccess TpMegaJVT Set_MD_Mode Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1712 | No CVE | (0Day) Advantech WebAccess TpMegaJVT CreateStream Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1716 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1578 | No CVE | Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1582 | No CVE | Advantech WebAccess TpMegaJVT createStream Heap Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1708 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Height Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1715 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1704 | No CVE | (0Day) Advantech WebAccess nvA1Media Caption Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1587 | No CVE | Advantech WebAccess RtspVapgDecoderNew2 SetLangStringHex Out of Range Access Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
| VAR-201708-1709 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1710 | No CVE | (0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1711 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1721 | No CVE | (0Day) Eaton ELCSoft Project File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of EPC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process.
| VAR-201708-1722 | No CVE | (0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1720 | No CVE | (0Day) Advantech WebAccess nvA1Media ExecuteURLCommand Format String Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1724 | No CVE | (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1723 | No CVE | (0Day) Advantech WebAccess nvA1Media Contrast Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1707 | No CVE | (0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
| VAR-201708-1581 | No CVE | Advantech WebAccess nvA1Media Connect MediaUsername Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment