Description
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02
Various Sources
http://webaccess.advantech.com/
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02
Scores
EPSS
0.0051
EPSS Percentile
66.7%
Details
CWE
CWE-200
CWE-623
Status
published
Products (6)
advantech/advantech_webaccess
5.0
advantech/advantech_webaccess
6.0
advantech/advantech_webaccess
7.0
advantech/advantech_webaccess
< 7.1
Advantech/WebAccess
< 7.1
Advantech/WebAccess
7.2
Published
Jul 19, 2014
Tracked Since
Feb 18, 2026