Vulnerability Details CVE-2014-0773
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.0%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2014-0773
-
cpe:2.3:a:advantech:advantech_webaccess:5.0
-
cpe:2.3:a:advantech:advantech_webaccess:6.0
-
cpe:2.3:a:advantech:advantech_webaccess:7.0