Webaccess Hmi Designer
CVE-2020-16229
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
AnalysisAI
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Access of Resource Using Incompatible Type (Type Confusion) (CWE-843), which allows attackers to execute arbitrary code by exploiting type confusion in the application. Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Affected products include: Advantech Webaccess\/Hmi Designer.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict type checking, use type-safe languages, validate object types before operations.
More in Webaccess Hmi Designer
View allIn Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper va
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied file
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbi
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perfor
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to w
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafte
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing s
Share
External POC / Exploit Code
Leaving vuln.today