Vulnerability-Lookup

VAR-201404-0547

Vulnerability from variot - Updated: 2025-09-21 23:04

The method can be used to open a URL (including file URLs) and read the URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. This vulnerability allows remote attackers to access arbitrary files on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx cntrol. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "advantech",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "webaccess",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech webaccess",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech webaccess",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-138"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0772"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:advantech:advantech_webaccess",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-138"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0772",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0772",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 3.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-02266",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "719091cc-1edf-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "7d7bf371-463f-11e9-a294-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "16660ba2-2352-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-68265",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2014-0772",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0772",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0772",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-0772",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-02266",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-177",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "719091cc-1edf-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d7bf371-463f-11e9-a294-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "16660ba2-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68265",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-138"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0772"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0772"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \nOpenUrlToBufferTimeout. This method takes a URL as a parameter and \nreturns its contents to the caller in JavaScript. The URLs are accessed \nin the security context of the current browser session. The control does\n not perform any URL validation and allows file:// URLs that access the \nlocal disk. \n\n\nThe method can be used to open a URL (including file URLs) and read \nthe URLs through JavaScript. This method could also be used to reach any\n arbitrary URL to which the browser has access. This vulnerability allows remote attackers to access arbitrary files on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx cntrol. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-138"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      },
      {
        "db": "BID",
        "id": "66749"
      },
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68265"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0772",
        "trust": 4.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-079-03",
        "trust": 3.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-177",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "66749",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "66740",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2094",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-138",
        "trust": 0.7
      },
      {
        "db": "OSVDB",
        "id": "105570",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "57873",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "719091CC-1EDF-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D7BF371-463F-11E9-A294-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "16660BA2-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-68265",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-138"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68265"
      },
      {
        "db": "BID",
        "id": "66749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0772"
      }
    ]
  },
  "id": "VAR-201404-0547",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68265"
      }
    ],
    "trust": 1.73470696
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      }
    ]
  },
  "last_update_date": "2025-09-21T23:04:13.955000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Downloads ::: WebAccess Software",
        "trust": 0.8,
        "url": "http://webaccess.advantech.com/downloads.php?item=software"
      },
      {
        "title": "Advantech WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
      },
      {
        "title": "Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout method patch for arbitrary file access vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/44790"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-138"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-538",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0772"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/66740"
      },
      {
        "trust": 1.0,
        "url": "http://webaccess.advantech.com/"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0772"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0772"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.com/show/osvdb/105570"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/57873"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-138"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0772"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-138",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-68265",
        "ident": null
      },
      {
        "db": "BID",
        "id": "66749",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-177",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001982",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0772",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2014-04-11T00:00:00",
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "date": "2014-04-11T00:00:00",
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1",
        "ident": null
      },
      {
        "date": "2014-04-11T00:00:00",
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "date": "2014-05-19T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-138",
        "ident": null
      },
      {
        "date": "2014-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-02266",
        "ident": null
      },
      {
        "date": "2014-04-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68265",
        "ident": null
      },
      {
        "date": "2014-04-08T00:00:00",
        "db": "BID",
        "id": "66749",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-177",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001982",
        "ident": null
      },
      {
        "date": "2014-04-12T04:37:31.673000",
        "db": "NVD",
        "id": "CVE-2014-0772",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2014-05-19T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-138",
        "ident": null
      },
      {
        "date": "2014-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-02266",
        "ident": null
      },
      {
        "date": "2014-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68265",
        "ident": null
      },
      {
        "date": "2014-05-22T17:54:00",
        "db": "BID",
        "id": "66749",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-177",
        "ident": null
      },
      {
        "date": "2014-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001982",
        "ident": null
      },
      {
        "date": "2025-09-19T20:15:37.850000",
        "db": "NVD",
        "id": "CVE-2014-0772",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-177"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout Method Arbitrary File Access Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-02266"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "_id": null,
    "data": "Information leakage",
    "sources": [
      {
        "db": "IVD",
        "id": "719091cc-1edf-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7bf371-463f-11e9-a294-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "16660ba2-2352-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 0.6
  }
}

CVE-2014-0772 (GCVE-0-2014-0772)

Vulnerability from cvelistv5 – Published: 2014-04-12 01:00 – Updated: 2025-09-19 19:19

Title

Advantech WebAccess File and Directory Information Exposure

Summary

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk. The method can be used to open a URL (including file URLs) and read the URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access.

Severity ?

No CVSS data available.

CWE

CWE-538

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	http://www.securityfocus.com/bid/66740	vdb-entryx_refsource_BID
	http://webaccess.advantech.com/

Impacted products

	Vendor	Product	Version
	Advantech	WebAccess	Affected: 0 , ≤ 7.1 (custom) Unaffected: 7.2

Credits

Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP’s Zero Day Initiative (ZDI)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WebAccess",
          "vendor": "Advantech",
          "versions": [
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP\u2019s Zero Day Initiative (ZDI)"
        }
      ],
      "datePublic": "2014-04-08T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eThe BWOCXRUN.BwocxrunCtrl.1 control contains a method named \nOpenUrlToBufferTimeout. This method takes a URL as a parameter and \nreturns its contents to the caller in JavaScript. The URLs are accessed \nin the security context of the current browser session. The control does\n not perform any URL validation and allows file:// URLs that access the \nlocal disk.\u003c/p\u003e\n\u003cp\u003eThe method can be used to open a URL (including file URLs) and read \nthe URLs through JavaScript. This method could also be used to reach any\n arbitrary URL to which the browser has access.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \nOpenUrlToBufferTimeout. This method takes a URL as a parameter and \nreturns its contents to the caller in JavaScript. The URLs are accessed \nin the security context of the current browser session. The control does\n not perform any URL validation and allows file:// URLs that access the \nlocal disk.\n\n\nThe method can be used to open a URL (including file URLs) and read \nthe URLs through JavaScript. This method could also be used to reach any\n arbitrary URL to which the browser has access."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T19:19:40.873Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
        },
        {
          "name": "66740",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66740"
        },
        {
          "url": "http://webaccess.advantech.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAdvantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/downloads.php?item=software\"\u003ehttp://webaccess.advantech.com/downloads.php?item=software\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information about WebAccess, please visit the following Advantech web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\"\u003ehttp://webaccess.advantech.com/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u00a0 http://webaccess.advantech.com/downloads.php?item=software \n\nFor additional information about WebAccess, please visit the following Advantech web site:\u00a0 http://webaccess.advantech.com/"
        }
      ],
      "source": {
        "advisory": "ICSA-14-079-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech WebAccess File and Directory Information Exposure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0763",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
            },
            {
              "name": "66740",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66740"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0772",
    "datePublished": "2014-04-12T01:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-09-19T19:19:40.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-201404-0547

CVE-2014-0772 (GCVE-0-2014-0772)

Tags

Sightings

Nomenclature