CVE-2018-8837

Name of the Vulnerable Software and Affected Versions Advantech WebAccess HMI Designer version 2.1.7.32 and prior

Description The issue is caused by writing data outside the intended buffer area in memory when processing specially crafted .pm3 files. This may allow remote code execution. The vulnerability can be exploited by an attacker using specially crafted .pm3 files to execute arbitrary code.

Recommendations For Advantech WebAccess HMI Designer version 2.1.7.32 and prior, consider avoiding the use of .pm3 files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.