CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42703 – AzeoTech DAQFactory
https://notcve.org/view.php?id=CVE-2021-42703
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. Esta vulnerabilidad podría permitir a un atacante enviar código Javascript malicioso resultando en el secuestro de los tokens de cookies/sesión del usuario, redirigiendo al usuario a una página web maliciosa y llevando a cabo una acción no deseada en el navegador • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42706 – AzeoTech DAQFactory
https://notcve.org/view.php?id=CVE-2021-42706
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer Esta vulnerabilidad podría permitir a un atacante revelar información y ejecutar código arbitrario en las instalaciones afectadas de WebAccess/MHI Designer • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33004 – Advantech WebAccess/HMI Designer PM3 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-33004
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). El producto afectado es vulnerable a una condición de corrupción de memoria debido a una falta de comprobación apropiada de los archivos suministrados por el usuario, que puede permitir a un atacante ejecutar código arbitrario. Es requerida una interacción del usuario en el WebAccess HMI Designer (versiones 2.1.9.95 y anteriores) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33002 – Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-33002
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior). Abriendo un archivo de proyecto diseñado maliciosamente puede causar una escritura fuera de límites, que puede permitir a un atacante ejecutar código arbitrario. Es requerida una interacción del usuario en el WebAccess HMI Designer (versiones 2.1.9.95 y anteriores) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33000 – Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-33000
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). El análisis de un archivo de proyecto diseñado maliciosamente puede causar un desbordamiento del búfer en la región heap de la memoria, que puede permitir a un atacante llevar a cabo una ejecución de código arbitraria. Es requerida una interacción del usuario en el WebAccess HMI Designer (versiones 2.1.9.95 y anteriores) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •