github - ghsa-3qw9-q2mc-39j2

GHSA-3QW9-Q2MC-39J2

Vulnerability from github – Published: 2022-05-17 04:39 – Updated: 2025-10-06 18:31

Details

The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-623"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-19T05:09:00Z",
    "severity": "MODERATE"
  },
  "details": "The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.",
  "id": "GHSA-3qw9-q2mc-39j2",
  "modified": "2025-10-06T18:31:00Z",
  "published": "2022-05-17T04:39:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2368"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"
    },
    {
      "type": "WEB",
      "url": "http://webaccess.advantech.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2014-2368 (GCVE-0-2014-2368)

Vulnerability from cvelistv5 – Published: 2014-07-19 01:00 – Updated: 2025-10-06 17:46

Summary

The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

Severity ?

No CVSS data available.

CWE

CWE-623

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	http://webaccess.advantech.com/

Impacted products

	Vendor	Product	Version
	Advantech	WebAccess	Affected: 0 , ≤ 7.1 (custom) Unaffected: 7.2

Credits

reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:25.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WebAccess",
          "vendor": "Advantech",
          "versions": [
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others"
        }
      ],
      "datePublic": "2014-07-15T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\nThe BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.\n\n\u003c/p\u003e"
            }
          ],
          "value": "The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-623",
              "description": "CWE-623",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-06T17:46:06.036Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"
        },
        {
          "name": "68714",
          "url": "http://webaccess.advantech.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAdvantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\"\u003ehttp://webaccess.advantech.com/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Advantech released a new WebAccess Installation Package v7.2 on June \n6, 2014, that removes some vulnerable ActiveX components and resolves \nthe vulnerabilities within others. The download link for v7.2 is \navailable at:\n\n\n http://webaccess.advantech.com/"
        }
      ],
      "source": {
        "advisory": "ICSA-14-198-02",
        "discovery": "UNKNOWN"
      },
      "title": "Advantech WebAccess Unsafe ActiveX Control Marked Safe For Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-2364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"
            },
            {
              "name": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html"
            },
            {
              "name": "68714",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68714"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-2368",
    "datePublished": "2014-07-19T01:00:00",
    "dateReserved": "2014-03-13T00:00:00",
    "dateUpdated": "2025-10-06T17:46:06.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-3QW9-Q2MC-39J2

CVE-2014-2368 (GCVE-0-2014-2368)

Tags

Sightings

Nomenclature