VYPR
Unrated severity · NVD Advisory · Published Apr 25, 2018 · Updated Sep 16, 2024

CVE-2018-8837

Description

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Processing crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior causes an out-of-bounds write, potentially allowing remote code execution.

Vulnerability

An out-of-bounds write vulnerability (CWE-787) exists in Advantech WebAccess HMI Designer version 2.1.7.32 and prior [1]. The issue occurs when the application processes specially crafted .pm3 project files, causing it to write outside the intended buffer area [1]. This vulnerability is distinct from heap-based buffer overflow (CVE-2018-8833) and double free (CVE-2018-8835) issues also reported in the same product [1].

Exploitation

An attacker can exploit this vulnerability remotely by delivering a malicious .pm3 file to the user [1]. The user must open the crafted file in the HMI Designer software; no authentication is required, and the attack requires a low skill level [1]. The CVSS vector string (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) indicates a network attack vector, low attack complexity, no privileges required, and required user interaction [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the application [1]. This can lead to partial compromise of confidentiality, integrity, and availability (CVSS v3 base score of 6.3) [1]. The achievable impact is limited to the user's privileges and system environment.

Mitigation

As of the publication date (2018-04-25), the vendor had not released a patch; NCCIC worked with Advantech to provide mitigation steps, but details were not yet available in the public advisory [1]. Users should restrict network access, avoid opening untrusted .pm3 files, and monitor vendor updates for a fixed version [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Range: <=2.1.7.32
  • ICS-CERT/Advantech WebAccess HMI Designerv5
    Range: Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior.

Patches

0

No patches discovered yet.
