References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named 
OpenUrlToBufferTimeout. This method takes a URL as a parameter and 
returns its contents to the caller in JavaScript. The URLs are accessed 
in the security context of the current browser session. The control does
 not perform any URL validation and allows file:// URLs that access the 
local disk.


The method can be used to open a URL (including file URLs) and read 
the URLs through JavaScript. This method could also be used to reach any
 arbitrary URL to which the browser has access.

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

CWE-538

http://webaccess.advantech.com/

http://www.securityfocus.com/bid/66740

https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03 Types: US Government Resource

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03