CVE ID | CVE-2014-2368 |
CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
Advantech |
AFFECTED PRODUCTS |
Advantech WebAccess |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['13409']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
The specific flaw exists with the bwocxrun ActiveX control, which allows for navigation from the network to the local file system. When combined with system settings and other components included as part of the installation, this allows for the activation of ActiveX controls resident on the local file system (even if not installed) without user interaction. An attacker can use this to install vulnerable controls on the target system. |
ADDITIONAL DETAILS |
Advantech has issued an update to correct this vulnerability. More details can be found at:
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02 |
DISCLOSURE TIMELINE |
|
CREDIT | Anonymous |