Heap-based Buffer Overflow in WebAccess HMI Designer Affects Multiple Versions
CVE-2021-33000

7.8HIGH

Key Information:

Vendor
Advantech
Status
Webaccess Hmi Designer
Vendor
CVE Published:
24 June 2021

Summary

The WebAccess HMI Designer can be exploited through a maliciously crafted project file, potentially leading to a heap-based buffer overflow. This could enable an attacker to execute arbitrary code within the context of the application. It's important to note that user interaction is required to trigger this vulnerability, making it essential for users to be cautious when opening project files from untrusted sources.

Affected Version(s)

WebAccess HMI Designer versions 2.1.9.95 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.