PT-2018-1177 · Advantech · Advantech Webaccess Hmi Designer

Steven Seeley

Published

2018-04-24

Updated

2019-10-09

CVE-2018-8837

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess HMI Designer version 2.1.7.32 and prior

Description The issue is caused by writing data outside the intended buffer area in memory when processing specially crafted .pm3 files. This may allow remote code execution. The vulnerability can be exploited by an attacker using specially crafted .pm3 files to execute arbitrary code.

Recommendations For Advantech WebAccess HMI Designer version 2.1.7.32 and prior, consider avoiding the use of .pm3 files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2018-00632

CVE-2018-8837

Affected Products

Advantech Webaccess Hmi Designer

PT-2018-1177 · Advantech · Advantech Webaccess Hmi Designer

CVE-2018-8837

Weakness Enumeration

Related Identifiers

Affected Products

References · 8