CVE-2020-16229
Description
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Type confusion vulnerability in Advantech WebAccess HMI Designer allows remote code execution via specially crafted project files.
Vulnerability
Versions 2.1.9.31 and prior of Advantech WebAccess HMI Designer are affected by a type confusion vulnerability in the parsing of PM3 project files. The issue results from a lack of proper validation of user-supplied data, leading to a type confusion condition [1][2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious PM3 project file, for example via email or a compromised website. User interaction is required, but no authentication is needed. The flaw can be triggered remotely and requires a low skill level to exploit [2].
Impact
Successful exploitation can allow an attacker to execute arbitrary code in the context of the current process, disclose or modify information, or cause the application to crash. The CVSS v3 base score is 7.8, indicating high impact to confidentiality, integrity, and availability [1][2].
Mitigation
Advantech has released a fix in version 2.1.9.32 of WebAccess HMI Designer. Users are advised to update to the latest version. No workarounds are available; applying the patch is the recommended mitigation [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Advantech/WebAccess HMI Designer
- Range: <=2.1.9.31
References
- us-cert.cisa.gov/ics/advisories/icsa-20-219-02 (mitre, x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-20-954/ (mitre, x_refsource_MISC)