3 matches found
Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities
Binary data scadaadvantechwebaccess7220131114.nbin...
Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout方法任意文件访问漏洞
CVE ID:CVE-2014-0772 Advantech WebAccess HMI/SCADA是一款HMI/SCADA软件。 Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 ActiveX控件bwocxrun.ocx中的OpenUrlToBufferTimeout方法存在安全漏洞,由于程序不正确对'file://' URL进行校验,允许攻击者访问任意文件。 0 Advantech WebAccess 7.1 Advantech WebAccess 7.2版本已修复该漏洞,建议用户下载使用:...
CVE-2014-0772
Advantech WebAccess is affected by CVE-2014-0772 in the bwocxrun.ocx ActiveX control (BwocxrunCtrl.1). The OpenUrlToBufferTimeout method accepts a URL and returns its contents to JavaScript, executing in the current browser session context. The vulnerability arises from lack of URL validation, al...