CVE-2014-0771 (GCVE-0-2014-0771)

Vulnerability from cvelistv5 – Published: 2014-04-12 01:00 – Updated: 2025-09-19 19:15
VLAI?
Summary
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows “file://” URLs that access the local disk. The method can be used to open a URL (including file URLs) and read file URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Advantech WebAccess Affected: 0 , ≤ 7.1 (custom)
Unaffected: 7.2
Create a notification for this product.
Credits
Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP’s Zero Day Initiative (ZDI)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WebAccess",
          "vendor": "Advantech",
          "versions": [
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP\u2019s Zero Day Initiative (ZDI)"
        }
      ],
      "datePublic": "2014-04-08T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\u003c/p\u003e\u003cp\u003eThe BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n\u201cOpenUrlToBuffer.\u201d This method takes a URL as a parameter and returns \nits contents to the caller in JavaScript. The URLs are accessed in the \nsecurity context of the current browser session. The control does not \nperform any URL validation and allows \u201cfile://\u201d URLs that access the \nlocal disk.\u003c/p\u003e\n\u003cp\u003eThe method can be used to open a URL (including file URLs) and read \nfile URLs through JavaScript. This method could also be used to reach \nany arbitrary URL to which the browser has access.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n\u201cOpenUrlToBuffer.\u201d This method takes a URL as a parameter and returns \nits contents to the caller in JavaScript. The URLs are accessed in the \nsecurity context of the current browser session. The control does not \nperform any URL validation and allows \u201cfile://\u201d URLs that access the \nlocal disk.\n\n\nThe method can be used to open a URL (including file URLs) and read \nfile URLs through JavaScript. This method could also be used to reach \nany arbitrary URL to which the browser has access."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T19:15:27.669Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
        },
        {
          "name": "66740",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66740"
        },
        {
          "url": "http://webaccess.advantech.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAdvantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/downloads.php?item=software\"\u003ehttp://webaccess.advantech.com/downloads.php?item=software\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information about WebAccess, please visit the following Advantech web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\"\u003ehttp://webaccess.advantech.com/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u00a0 http://webaccess.advantech.com/downloads.php?item=software \n\nFor additional information about WebAccess, please visit the following Advantech web site:\u00a0 http://webaccess.advantech.com/"
        }
      ],
      "source": {
        "advisory": "ICSA-14-079-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech WebAccess File and Directory Information Exposure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0763",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
            },
            {
              "name": "66740",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66740"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0771",
    "datePublished": "2014-04-12T01:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-09-19T19:15:27.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.1\", \"matchCriteriaId\": \"3D097D1E-9A02-40B0-93BD-163A11638118\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"090C819C-5964-4158-80E6-2D4751A5E8BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CF61F9C-360A-4B70-951D-8EE9CF6E55FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1082E1D5-AF49-431F-9172-98C2D2887C96\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00e9todo OpenUrlToBuffer en el control BWOCXRUN.BwocxrunCtrl.1 ActiveX en bwocxrun.ocx en Advantech WebAccess anterior a 7.2 permite a atacantes remotos leer archivos arbitrarios a trav\\u00e9s de un fichero: URL.\"}]",
      "id": "CVE-2014-0771",
      "lastModified": "2024-11-21T02:02:46.837",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-04-12T04:37:31.643",
      "references": "[{\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0771\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2014-04-12T04:37:31.643\",\"lastModified\":\"2025-09-19T20:15:37.683\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \\n\u201cOpenUrlToBuffer.\u201d This method takes a URL as a parameter and returns \\nits contents to the caller in JavaScript. The URLs are accessed in the \\nsecurity context of the current browser session. The control does not \\nperform any URL validation and allows \u201cfile://\u201d URLs that access the \\nlocal disk.\\n\\n\\nThe method can be used to open a URL (including file URLs) and read \\nfile URLs through JavaScript. This method could also be used to reach \\nany arbitrary URL to which the browser has access.\"},{\"lang\":\"es\",\"value\":\"El m\u00e9todo OpenUrlToBuffer en el control BWOCXRUN.BwocxrunCtrl.1 ActiveX en bwocxrun.ocx en Advantech WebAccess anterior a 7.2 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un fichero: URL.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-538\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.1\",\"matchCriteriaId\":\"3D097D1E-9A02-40B0-93BD-163A11638118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090C819C-5964-4158-80E6-2D4751A5E8BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CF61F9C-360A-4B70-951D-8EE9CF6E55FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1082E1D5-AF49-431F-9172-98C2D2887C96\"}]}]}],\"references\":[{\"url\":\"http://webaccess.advantech.com/\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://www.securityfocus.com/bid/66740\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.