Memory Corruption Vulnerability in WebAccess HMI Designer by Advantech
CVE-2021-33004

7.8HIGH

Key Information:

Vendor: Advantech
Status: Webaccess Hmi Designer
Vendor: CVE Published:; 24 June 2021

Summary

The WebAccess HMI Designer from Advantech is susceptible to a memory corruption issue stemming from inadequate validation of user-uploaded files. This flaw permits an attacker to potentially execute arbitrary code, necessitating user interaction on versions 2.1.9.95 and earlier. Proper file handling and input validation measures are critical to safeguarding against such vulnerabilities.

Affected Version(s)

WebAccess HMI Designer versions 2.1.9.95 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2021
Vulnerability Reserved
May 13, 2021