Main Vulnerability Database Vulnerabilities #VU41830

Information disclosure in Advantech WebAccess - CVE-2014-0771

Published: April 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41830

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0771

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Advantech Co., Ltd

Affected software:
Advantech WebAccess

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

How to mitigate CVE-2014-0771

Install update from vendor's website.

Sources

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

Information disclosure in Advantech WebAccess - CVE-2014-0771

Detailed vulnerability description

How to mitigate CVE-2014-0771

Sources

Please verify you're human