Advantech WebAccess bwocxrun.ocx CreateProcess方法远程命令执行漏洞

CVE ID:CVE-2014-0773 Advantech WebAccess HMI/SCADA是一款HMI/SCADA软件。 Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 ActiveX控件bwocxrun.ocx中的CreateProcess方法存在安全漏洞，如果命令行中包含'\setup.exe', '\bwvbprt.exe'或'\bwvbprtl.exe'，可导致绕过该方法中的命令执行校验机制，以应用程序上下文执行任意命令。 0 Advantech WebAccess 7.1 Advantech WebAccess...

CVE-2014-0771

Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 OpenUrlToBuffer in bwocxrun.ocx allows reading arbitrary files via file:// URLs because there is no URL validation. This enables remote-access scenarios where an attacker could read local or reachable files through JavaScript, within the browser context...