Skip to main content

Webaccess Hmi Designer CVE-2021-33002

HIGH
Out-of-bounds Write (CWE-787)
2021-06-24 ics-cert@hq.dhs.gov
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 24, 2021 - 18:15 nvd
HIGH 7.8

DescriptionNVD

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

AnalysisAI

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior). Affected products include: Advantech Webaccess\/Hmi Designer.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2019-10961 HIGH
8.8 Aug 02

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper va

CVE-2021-42706 HIGH
7.8 Nov 15

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations

CVE-2021-33004 HIGH
7.8 Jun 24

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied file

CVE-2021-33000 HIGH
7.8 Jun 24

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perfor

CVE-2020-16229 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16217 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16215 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16213 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16207 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2018-8837 HIGH
7.8 Apr 25

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to w

CVE-2018-8835 HIGH
7.8 Apr 25

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafte

CVE-2018-8833 HIGH
7.8 Apr 25

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing s

Share

CVE-2021-33002 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy