SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Advantech WebAccess bwocxrun.ocx Command Execution

Category: SCADA-ATTACKS      

The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0773


Relevant Information