Intrusion Prevention

Advantech.WebAccess.SCADA.bwocxrun.OCX.Command.Execution

Description

This indicates an attack attempt against a Command Execution vulnerability in the Advantech WebAccess SCADA.
The vulnerability, which is located in the "bwocxrun.ocx" ActiveX control, can be exploited through a vulnerable function. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute Operating System Commands within the context of the logged in users.

Affected Products

Advantech WebAccess prior to 7.2

Impact

System Compromise: Remote attackers can execute Operating System Commands within the context of the target users

Recommended Actions

Apply the latest update from the vendor.
http://webaccess.advantech.com/downloads.php?item=software

CVE References

CVE-2014-0773