Buffer Overflow Vulnerability in Advantech WebAccess HMI Designer by Advantech
CVE-2019-10961

8.8HIGH

Key Information:

Vendor: Advantech
Status: Advantech Webaccess Hmi Designer
Vendor: CVE Published:; 2 August 2019

Summary

The Advantech WebAccess HMI Designer is susceptible to a buffer overflow due to improper validation of specially crafted MCR files. This flaw could allow attackers to write beyond the intended buffer area, potentially leading to remote code execution on affected systems. Users of versions 2.1.9.23 and earlier should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

Advantech WebAccess HMI Designer Version 2.1.9.23 and prior

References

https://www.us-cert.gov/ics/advisories/icsa-19-213-01

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-19-691/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2019
Vulnerability Reserved
Apr 8, 2019