Main Vulnerability Database Vulnerabilities #VU41830

#VU41830 Information disclosure in Advantech WebAccess - CVE-2014-0771

Published: April 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41830

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0771

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Advantech WebAccess

Software vendor:
Advantech Co., Ltd

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

Remediation

Install update from vendor's website.

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03