PT-2018-1176 · Advantech · Advantech Webaccess Hmi Designer
Steven Seeley
·
Published
2018-04-24
·
Updated
2019-10-09
·
CVE-2018-8835
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess HMI Designer version 2.1.7.32 and prior
Description
The issue is caused by double free vulnerabilities when processing specially crafted .pm3 files, which may allow remote code execution. An attacker could exploit this issue by using specially formed .pm3 files to execute arbitrary code remotely.
Recommendations
For Advantech WebAccess HMI Designer version 2.1.7.32 and prior, consider avoiding the use of .pm3 files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the functionality that processes .pm3 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Advantech Webaccess Hmi Designer