Main Vulnerability Database Vulnerabilities #VU41831

#VU41831 Information disclosure in Advantech WebAccess - CVE-2014-0772

Published: April 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41831

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0772

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Advantech WebAccess

Software vendor:
Advantech Co., Ltd

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

Remediation

Install update from vendor's website.

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

#VU41831 Information disclosure in Advantech WebAccess - CVE-2014-0772

Description

Remediation

External links

Please verify you're human