Information disclosure in Advantech Advantech_webaccess
CVE-2014-2368
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
EPSS: 0.005 (66.8th percentile) — read the EPSS interpretation.
Affected products
- Advantech Advantech_webaccess — versions 5.0, 6.0, 7.0
- Advantech Webaccess — versions 7.2, 0
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov
- 68714
- af854a3a-2127-422b-91ae-364da2661108 (Third Party Advisory, US Government Resource)