CVE-2018-8835

Name of the Vulnerable Software and Affected Versions Advantech WebAccess HMI Designer version 2.1.7.32 and prior

Description The issue is caused by double free vulnerabilities when processing specially crafted .pm3 files, which may allow remote code execution. An attacker could exploit this issue by using specially formed .pm3 files to execute arbitrary code remotely.

Recommendations For Advantech WebAccess HMI Designer version 2.1.7.32 and prior, consider avoiding the use of .pm3 files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the functionality that processes .pm3 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.