Page 8 of 200 results (0.016 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. Una vulnerabilidad de lectura fuera de límites puede ser explotada mediante el procesamiento de archivos de proyecto especialmente diseñados, lo que puede permitir a un atacante leer información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 https://www.zerodayinitiative.com/advisories/ZDI-20-957 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. El procesamiento de archivos de proyecto especialmente diseñados carecen de una comprobación apropiada de los datos proporcionados por un usuario puede hacer que el sistema escriba fuera del área de búfer prevista, lo que puede permitir una ejecución de código remota, divulgación y modificación de información o causar que la aplicación se bloquee This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 https://www.zerodayinitiative.com/advisories/ZDI-20-956 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. El procesamiento de archivos de proyecto especialmente diseñados carecen de una comprobación apropiada de los datos proporcionados por un usuario puede causar un desbordamiento del búfer en la región stack de la memoria, lo que puede permitir una ejecución de código remota, divulgación y modificación de información o causar que la aplicación se bloquee This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwPFile.exe when invoked via IOCTL 0x2711. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 https://www.zerodayinitiative.com/advisories/ZDI-20-953 • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. Una vulnerabilidad de doble liberación causada por el procesamiento de archivos de proyecto especialmente diseñados puede permitir una ejecución de código remota, divulgación y modificación de información o causar que la aplicación se bloquee This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 https://www.zerodayinitiative.com/advisories/ZDI-20-952 • CWE-415: Double Free •

CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. WebAccess Node versión 8.4.4 y anteriores, es vulnerable a un desbordamiento de búfer en la región stack de la memoria, que puede permitir a un atacante ejecutar código arbitrario remotamente This vulnerability allows local attackers to escalate privileges on affected installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the PostgreSQL database. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://www.us-cert.gov/ics/advisories/icsa-20-161-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •