Information disclosure in Advantech Advantech_webaccess

CVE-2014-2367

The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

EPSS: 0.004 (61.6th percentile) — read the EPSS interpretation.

Affected products

Advantech Advantech_webaccess — versions 5.0, 6.0, 7.0
Advantech Webaccess — versions 7.2, 0

Weakness classification (CWE)

References

ics-cert@hq.dhs.gov
68714
af854a3a-2127-422b-91ae-364da2661108 (Third Party Advisory, US Government Resource)