Unrated severity · NVD Advisory · Published Sep 26, 2019 · Updated Aug 5, 2024

CVE-2019-16899

Description

In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Advantech WebAccess/HMI Designer 2.1.9.31 crashes due to a data-from-faulting-address controlling code flow in PM_V3!CTagInfoThreadBase::GetNICInfo.

Vulnerability

In Advantech WebAccess/HMI Designer version 2.1.9.31, the function CTagInfoThreadBase::GetNICInfo in the PM_V3 module contains a vulnerability where data from a faulting address controls code flow. This allows an attacker to cause the application to read from an invalid memory address, leading to a crash. The specific address affected is PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918 [1].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted file to the HMI Designer application. As demonstrated in the referenced material [1], the crash occurs when the application processes malformed input, causing a read from an invalid memory address (as shown by the register dump in case #02). No authentication or special privileges are required beyond access to the software.

Impact

Successful exploitation results in a denial of service (DoS) due to an application crash. The vulnerability does not appear to allow arbitrary code execution or information disclosure based on available information [1].

Mitigation

No official patch or mitigation has been released for this vulnerability as of the publication date [1]. Users should avoid opening untrusted files in HMI Designer until a fix is provided.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
