Skip to main content

Webaccess Hmi Designer CVE-2021-33004

HIGH
Buffer Overflow (CWE-119)
2021-06-24 ics-cert@hq.dhs.gov
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 24, 2021 - 18:15 nvd
HIGH 7.8

DescriptionNVD

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

AnalysisAI

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). Affected products include: Advantech Webaccess\/Hmi Designer.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2019-10961 HIGH
8.8 Aug 02

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper va

CVE-2021-42706 HIGH
7.8 Nov 15

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations

CVE-2021-33002 HIGH
7.8 Jun 24

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbi

CVE-2021-33000 HIGH
7.8 Jun 24

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perfor

CVE-2020-16229 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16217 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16215 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16213 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16207 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2018-8837 HIGH
7.8 Apr 25

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to w

CVE-2018-8835 HIGH
7.8 Apr 25

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafte

CVE-2018-8833 HIGH
7.8 Apr 25

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing s

Share

CVE-2021-33004 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy