CVE-2021-42703 – AzeoTech DAQFactory
https://notcve.org/view.php?id=CVE-2021-42703
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. Esta vulnerabilidad podría permitir a un atacante enviar código Javascript malicioso resultando en el secuestro de los tokens de cookies/sesión del usuario, redirigiendo al usuario a una página web maliciosa y llevando a cabo una acción no deseada en el navegador • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-42706 – AzeoTech DAQFactory
https://notcve.org/view.php?id=CVE-2021-42706
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer Esta vulnerabilidad podría permitir a un atacante revelar información y ejecutar código arbitrario en las instalaciones afectadas de WebAccess/MHI Designer • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-416: Use After Free •
CVE-2019-10961 – Advantech WebAccess HMI Designer MCR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10961
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. En WebAccess HMI Designer de Advantech versión 2.1.9.23 y anteriores, el procesamiento de archivos MCR especialmente diseñados que carecen de una comprobación apropiada de datos suministrados por el usuario, puede causar que el sistema escriba fuera del área de búfer prevista, permitiendo la ejecución de código remota. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MCR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • https://www.us-cert.gov/ics/advisories/icsa-19-213-01 https://www.zerodayinitiative.com/advisories/ZDI-19-691 • CWE-787: Out-of-bounds Write •
CVE-2018-8835
https://notcve.org/view.php?id=CVE-2018-8835
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. Vulnerabilidades de doble liberación (double free) en Advantech WebAccess HMI Designer, en versiones 2.1.7.32 y anteriores, provocadas por el procesamiento de archivos .pm3 especialmente manipulados, podrían permitir la ejecución remota de código. • http://www.securityfocus.com/bid/103972 https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03 • CWE-415: Double Free •
CVE-2018-8837
https://notcve.org/view.php?id=CVE-2018-8837
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. El procesamiento de archivos .pm3 especialmente manipulados en Advantech WebAccess HMI Designer, en versiones 2.1.7.32 y anteriores, podría provocar que el sistema escriba fuera del área del búfer planeada y podría permitir la ejecución remota de código. • http://www.securityfocus.com/bid/103972 https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03 • CWE-787: Out-of-bounds Write •