Skip to main content

Webaccess Hmi Designer CVE-2021-42703

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-11-15 ics-cert@hq.dhs.gov
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 15, 2021 - 15:15 nvd
MEDIUM 6.1

DescriptionNVD

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.

AnalysisAI

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. Affected products include: Advantech Webaccess Hmi Designer.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-10961 HIGH
8.8 Aug 02

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper va

CVE-2021-42706 HIGH
7.8 Nov 15

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations

CVE-2021-33004 HIGH
7.8 Jun 24

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied file

CVE-2021-33002 HIGH
7.8 Jun 24

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbi

CVE-2021-33000 HIGH
7.8 Jun 24

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perfor

CVE-2020-16229 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16217 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16215 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16213 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16207 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2018-8837 HIGH
7.8 Apr 25

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to w

CVE-2018-8835 HIGH
7.8 Apr 25

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafte

Share

CVE-2021-42703 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy