CVE-2014-2367
published 2014-07-19CVE-2014-2367: The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary…
PriorityP428medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
1.55%
72.0th percentile
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_webaccess | <= 7.1 | — |
| advantech | advantech_webaccess | — | — |
| advantech | advantech_webaccess | — | — |
| advantech | advantech_webaccess | — | — |
| advantech | webaccess | <= 7.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WebAccess Vulnerabilities
cisa_ics·2018-09-06
Advantech WebAccess Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-198-02
## OVERVIEW
NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an updated software version that mitigates these vulnerabilities.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are known to be publicly availab
GHSA
GHSA-w3cr-3qxm-287x: The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook
ghsa_unreviewed·2022-05-17
CVE-2014-2367 [MEDIUM] CWE-200 GHSA-w3cr-3qxm-287x: The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-07-19
Published