Main Vulnerability Database Vulnerabilities #VU41831

Information disclosure in Advantech WebAccess - CVE-2014-0772

Published: April 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41831

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0772

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Advantech Co., Ltd

Affected software:
Advantech WebAccess

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

How to mitigate CVE-2014-0772

Install update from vendor's website.

Sources

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

Information disclosure in Advantech WebAccess - CVE-2014-0772

Detailed vulnerability description

How to mitigate CVE-2014-0772

Sources

Please verify you're human