PT-2020-14807 · Advantech · Advantech Webaccess Hmi Designer

Kimiya · Published 2020-08-06 · Updated 2023-01-27 · CVE-2020-16207

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess HMI Designer versions 2.1.9.31 and prior

Description

The issue is related to multiple heap-based buffer overflow vulnerabilities. These vulnerabilities can be exploited by opening specially crafted project files, which may cause the heap to overflow. This overflow may allow remote code execution, lead to the disclosure or modification of information, or cause the application to crash.

Recommendations

For Advantech WebAccess HMI Designer versions 2.1.9.31 and prior, consider avoiding the use of untrusted project files until a patch is available. As a temporary workaround, restrict access to the file parsing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-16207
ZDI-20-950
ZDI-20-951
ZDI-20-955
ZDI-20-958
ZDI-20-959

Affected Products

Advantech Webaccess Hmi Designer