PT-2019-2910 · Advantech · Advantech WebAccess HMI Designer

Mat Powell · Published 2019-01-15 · Updated 2023-03-03 · CVE-2019-10961

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess HMI Designer version 2.1.9.23 and prior

Description

The issue is related to the processing of specially crafted MCR files, which may cause the system to write outside the intended buffer area, allowing remote code execution. This can be exploited by an attacker to execute arbitrary code in the target system using maliciously crafted MCR files or a specially formed web page.

Recommendations

For Advantech WebAccess HMI Designer version 2.1.9.23 and prior, update to a version that fixes the MCR file parsing out-of-bounds write issue to prevent remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2019-02882
CVE-2019-10961
ZDI-19-691

Affected Products

Advantech WebAccess HMI Designer