Skip to main content

Webaccess Hmi Designer CVE-2021-42706

HIGH
Use After Free (CWE-416)
2021-11-15 ics-cert@hq.dhs.gov
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 15, 2021 - 14:15 nvd
HIGH 7.8

DescriptionNVD

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer

AnalysisAI

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer Affected products include: Advantech Webaccess Hmi Designer.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2019-10961 HIGH
8.8 Aug 02

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper va

CVE-2021-33004 HIGH
7.8 Jun 24

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied file

CVE-2021-33002 HIGH
7.8 Jun 24

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbi

CVE-2021-33000 HIGH
7.8 Jun 24

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perfor

CVE-2020-16229 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16217 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16215 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16213 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2020-16207 HIGH
7.8 Aug 06

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2018-8837 HIGH
7.8 Apr 25

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to w

CVE-2018-8835 HIGH
7.8 Apr 25

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafte

CVE-2018-8833 HIGH
7.8 Apr 25

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing s

Share

CVE-2021-42706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy