Information disclosure in Advantech Advantech_webaccess
CVE-2014-0771
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current bro…
EPSS: 0.003 (57.0th percentile) — read the EPSS interpretation.
Affected products
- Advantech Advantech_webaccess — versions 5.0, 6.0, 7.0
- Advantech Webaccess — versions 7.2, 0
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov
- 66740 (vdb-entry, x_refsource_BID)
- ics-cert@hq.dhs.gov
- af854a3a-2127-422b-91ae-364da2661108 (US Government Resource)