VYPR
Unrated severity · NVD Advisory · Published Aug 6, 2020 · Updated Aug 4, 2024

CVE-2020-16215

Description

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in Advantech WebAccess HMI Designer (<=2.1.9.31) allows remote code execution via crafted project files.

Vulnerability

The vulnerability is a stack-based buffer overflow in Advantech WebAccess HMI Designer, versions 2.1.9.31 and prior [1]. The flaw exists in the BwPFile.exe process when handling a specially crafted IOCTL 0x2711 command [2]. The software does not properly validate the length of user-supplied data before copying it to a fixed-length stack-based buffer [2]. No special configuration is required for the vulnerable code path to be reachable beyond opening a malicious project file.
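The defect class named above, a declared length trusted before a copy into a fixed-size stack buffer, is easier to recognise in code. The following is an added illustration, not Advantech code and not taken from the advisory: the record layout, the 64-byte field size and the function names are constructed for this example. It places the unsafe parsing shape beside a bounded version that rejects both truncated and oversized records.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical field size; the real buffer size in BwPFile.exe is not on the page. */
#define FIELD_MAX 64

/* Constructed record layout for this example: a 2-byte little-endian declared
   length followed by the field bytes. Returns total bytes written, 0 on error. */
static size_t build_record(uint8_t *out, size_t out_cap, uint16_t declared,
                           const uint8_t *payload, size_t payload_len)
{
    if (out_cap < 2 + payload_len) return 0;
    out[0] = (uint8_t)(declared & 0xff);
    out[1] = (uint8_t)(declared >> 8);
    memcpy(out + 2, payload, payload_len);
    return 2 + payload_len;
}

/* Unsafe shape: the declared length is trusted and copied straight into a
   fixed-size stack buffer. Returns bytes copied, -1 if the header is missing.
   Only called here with well-formed records; an oversized declared length is
   exactly the missing-validation defect the advisory describes. */
static int parse_field_unsafe(const uint8_t *rec, size_t rec_len)
{
    char field[FIELD_MAX];
    if (rec_len < 2) return -1;
    size_t declared = (size_t)rec[0] | ((size_t)rec[1] << 8);
    memcpy(field, rec + 2, declared);   /* never compared against sizeof field */
    return (int)declared;
}

/* Hardened shape: bound the declared length by the bytes actually present
   (prevents an over-read) and by the destination buffer (prevents the
   overflow), and reject the record rather than silently truncating it. */
static int parse_field_safe(const uint8_t *rec, size_t rec_len)
{
    char field[FIELD_MAX];
    if (rec_len < 2) return -1;
    size_t declared = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (declared > rec_len - 2) return -1;        /* truncated record */
    if (declared > sizeof field - 1) return -1;   /* oversized field */
    memcpy(field, rec + 2, declared);
    field[declared] = '\0';
    return (int)declared;
}

/* Constructed inputs exercising the three cases. */
int demo_valid_unsafe(void)
{
    uint8_t buf[64];
    size_t n = build_record(buf, sizeof buf, 5, (const uint8_t *)"hello", 5);
    return parse_field_unsafe(buf, n);   /* 5 */
}

int demo_valid_safe(void)
{
    uint8_t buf[64];
    size_t n = build_record(buf, sizeof buf, 5, (const uint8_t *)"hello", 5);
    return parse_field_safe(buf, n);     /* 5 */
}

int demo_oversized_safe(void)
{
    uint8_t payload[300], buf[302];
    memset(payload, 'A', sizeof payload);
    size_t n = build_record(buf, sizeof buf, 300, payload, sizeof payload);
    return parse_field_safe(buf, n);     /* -1: declared length exceeds the buffer */
}

int demo_truncated_safe(void)
{
    uint8_t buf[16];
    size_t n = build_record(buf, sizeof buf, 50, (const uint8_t *)"hi", 2);
    return parse_field_safe(buf, n);     /* -1: declared length exceeds data present */
}

int main(void)
{
    printf("valid/unsafe=%d valid/safe=%d oversized/safe=%d truncated/safe=%d\n",
           demo_valid_unsafe(), demo_valid_safe(),
           demo_oversized_safe(), demo_truncated_safe());
    return 0;
}
```

The two length checks in `parse_field_safe` are the whole fix: a parser that only checks one of them still has a bug (either an over-read past the record or an overflow of the local buffer). Code reviews of file-format parsers should look for every `memcpy`, `strcpy` or loop whose count comes from the file rather than from `sizeof` the destination.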

Exploitation

An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted project file to the target system [2]. User interaction is required (e.g., opening the file or triggering the IOCTL via WebAccess). The attack does not require any special network position beyond network access to the affected service. The specific steps involve submitting a crafted IOCTL 0x2711 request to BwPFile.exe, which triggers a stack-based buffer overflow [2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the Administrator account [2]. This can lead to full compromise of the affected system, including remote code execution, disclosure or modification of information, and potential application crash [1]. The CVSS v3.0 base score is 9.8 (Critical) with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating no privileges required and no user interaction for the network-based exploit [2].

Mitigation

Advantech has released updated versions to address these vulnerabilities; users should upgrade to the latest version of WebAccess HMI Designer. The advisory from CISA (ICSA-20-219-02) provides details and recommends applying vendor updates [1]. If an immediate upgrade is not possible, restrict network access to the HMI Designer and avoid opening untrusted project files as a workaround. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (2)

News mentions (0)

No linked articles in our index yet.