12 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-33002 – Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-33002

24 Jun 2021 — Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior). Abriendo un archivo de proyecto diseñado maliciosamente puede causar una escritura fuera de límites, que puede permitir a un atacante ejecutar código arbitrario. Es requerida una interacción del usuario en el WebAccess HMI Designer (versiones 2.1.9.95 y anteriores) This vulnerability allows... • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-33004 – Advantech WebAccess/HMI Designer PM3 File Parsing Memory Corruption Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-33004

24 Jun 2021 — The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). El producto afectado es vulnerable a una condición de corrupción de memoria debido a una falta de comprobación apropiada de los archivos suministrados por el usuario, que puede permitir a un atacante ejecutar código arbitrario. Es requerida una... • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-33000 – Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-33000

28 Apr 2021 — Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). El análisis de un archivo de proyecto diseñado maliciosamente puede causar un desbordamiento del búfer en la región heap de la memoria, que puede permitir a un atacante llevar a cabo una ejecución de código arbitraria. Es requerida una interacción del usuario en el WebAcces... • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2020-16229 – Advantech WebAccess/HMI Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-16229

06 Aug 2020 — Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. El procesamiento de archivos de proyecto especialmente diseñados carecen de comprobación apropiada de los datos proporcionados por un usuar... • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0

CVE-2020-16207 – Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-16207

06 Aug 2020 — Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. Múltiples vulnerabilidades de desbordamiento del búfer en la región heap de la memoria pueden ser explotadas al abrir archivos d... • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-16211 – Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2020-16211

06 Aug 2020 — Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. Una vulnerabilidad de lectura fuera de límites puede ser explotada mediante el procesamiento de archivos de proyecto especialmente diseñados, lo que puede permitir a un atacante leer información This vulnerability allows remote attac... • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2020-16213 – Advantech WebAccess/HMI Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-16213

06 Aug 2020 — Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. El procesamiento de archivos de proyecto especialmente diseñados carecen de una comprobación apropiada de los dat... • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-16215 – Advantech WebAccess IOCTL 0x2711 BwPFile Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-16215

06 Aug 2020 — Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. El procesamiento de archivos de proyecto especialmente diseñados carecen de una comprobación apropiada de los datos proporcionados por u... • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2020-16217 – Advantech WebAccess/HMI Designer PM3 File Parsing Double Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-16217

06 Aug 2020 — Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. Una vulnerabilidad de doble liberación causada por el procesamiento de archivos de proyecto especialmente diseñados puede permitir una ejecución de código remota, divulgación y modificación de ... • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02 • CWE-415: Double Free •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16899

https://notcve.org/view.php?id=CVE-2019-16899

26 Sep 2019 — In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. En Advantech WebAccess/HMI Designer versión 2.1.9.31, los Datos desde una Dirección en Fallo controlan el Flujo de Código que inicia en PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. • http://code610.blogspot.com/2019/09/crashing-webaccesshmi-designer-21931.html •