Skip to main content

Webaccess Hmi Designer CVE-2020-16211

MEDIUM
Out-of-bounds Read (CWE-125)
2020-08-06 ics-cert@hq.dhs.gov
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 06, 2020 - 19:15 nvd
MEDIUM 5.5

DescriptionNVD

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.

AnalysisAI

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. Affected products include: Advantech Webaccess\/Hmi Designer.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2019-10961 HIGH
8.8 Aug 02

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper va

CVE-2021-42706 HIGH
7.8 Nov 15

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations

CVE-2021-33004 HIGH
7.8 Jun 24

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied file

CVE-2021-33002 HIGH
7.8 Jun 24

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbi

CVE-2021-33000 HIGH
7.8 Jun 24

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perfor

CVE-2020-16229 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16217 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16215 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16213 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16207 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2018-8837 HIGH
7.8 Apr 25

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to w

CVE-2018-8835 HIGH
7.8 Apr 25

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafte

Share

CVE-2020-16211 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy