PT-2020-14812 · Advantech · Advantech Webaccess Hmi Designer

Kimiya · Published 2020-08-06 · Updated 2022-10-06 · CVE-2020-16213

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Advantech WebAccess HMI Designer versions 2.1.9.31 and prior

Description

The issue arises when the application processes specially crafted project files without properly validating user-supplied data. This can cause the system to write outside the intended buffer area, potentially allowing remote code execution, disclosure or modification of information, or causing the application to crash.

Recommendations

For Advantech WebAccess HMI Designer versions 2.1.9.31 and prior, consider implementing proper validation of user-supplied data in project files to prevent out-of-bounds write conditions until a patch is available. As a temporary workaround, restrict the processing of project files from untrusted sources to minimize the risk of exploitation.

Fix

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-16213
ZDI-20-956

Affected Products

Advantech Webaccess Hmi Designer