CVE-2019-10961
Description
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Advantech WebAccess HMI Designer versions ≤2.1.9.23 contain an out-of-bounds write in MCR file parsing, enabling remote code execution via a crafted file.
Vulnerability
Advantech WebAccess HMI Designer versions 2.1.9.23 and prior contain an out-of-bounds write vulnerability during the processing of specially crafted MCR files. The issue stems from a lack of proper validation of user-supplied data, resulting in a write past the end of an allocated buffer [1][2]. This flaw exists in the application's handling of MCR files, a human-machine interface development file format.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious MCR file, for example via a web link or email attachment. No authentication is required, but user interaction is necessary. The attacker crafts an MCR file that triggers the out-of-bounds write when processed by the affected software. The CVSS vector indicates local access (AV:L) and low complexity [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the current process, achieving full compromise of confidentiality, integrity, and availability of the affected system. The attacker can gain the same privileges as the user running the HMI Designer [1][2].
Mitigation
Advantech released version 2.1.9.31 of WebAccess HMI Designer to address this vulnerability. Users are advised to update immediately. As a workaround, users should exercise caution when opening MCR files from untrusted sources and avoid clicking unsolicited links or attachments [2]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog at the time of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Advantech/WebAccess HMI Designer
- Range: <=2.1.9.23
Patches
No patches discovered yet.
References
- www.us-cert.gov/ics/advisories/icsa-19-213-01 (mitre, x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-19-691/ (mitre, x_refsource_MISC)