Advantech WebAccess Webeye ActiveX Control Stack Based Buffer Overflow Vulnerability

High Nessus Plugin ID 81788


The remote host has an ActiveX control with a buffer overflow vulnerability.


The Advantech WebAccess application installed on the remote host includes a third-party 'webeye.ocx' ActiveX control that is affected by a stack-based buffer overflow vulnerability when processing input to the 'ip_address' parameter. A remote attacker, using a specially crafted HTML file, can exploit this to execute arbitrary code or crash the application.


Upgrade WebAccess to version 8.0 or later.

Plugin Details

Severity: High

ID: 81788

File Name: scada_advantech_webaccess_8_0.nbin

Version: $Revision: 1.31 $

Type: remote

Family: SCADA

Published: 2015/03/12

Modified: 2018/01/29

Dependencies: 73645

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 2014/10/20

Vulnerability Publication Date: 2014/11/19

Reference Information

CVE: CVE-2014-8388

BID: 71193

OSVDB: 114842