WebAccess HMI Designer
by Advantech
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42703 | 0.00 | — | 0.00 | Nov 15, 2021 | This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | |||
| CVE-2021-42706 | 0.00 | — | 0.00 | Nov 15, 2021 | This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | |||
| CVE-2020-16229 | 0.00 | — | 0.01 | Aug 6, 2020 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause… | |||
| CVE-2020-16207 | 0.00 | — | 0.03 | Aug 6, 2020 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of… | |||
| CVE-2020-16211 | 0.00 | — | 0.00 | Aug 6, 2020 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||
| CVE-2020-16213 | 0.00 | — | 0.01 | Aug 6, 2020 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution,… | |||
| CVE-2020-16215 | 0.00 | — | 0.01 | Aug 6, 2020 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or… | |||
| CVE-2020-16217 | 0.00 | — | 0.01 | Aug 6, 2020 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||
| CVE-2019-16899 | 0.00 | — | 0.00 | Sep 26, 2019 | In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | |||
| CVE-2019-16900 | 0.00 | — | 0.00 | Sep 26, 2019 | Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | |||
| CVE-2019-16901 | 0.00 | — | 0.00 | Sep 26, 2019 | Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | |||
| CVE-2019-10961 | 0.00 | — | 0.01 | Aug 2, 2019 | In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | |||
| CVE-2018-8833 | 0.00 | — | 0.01 | Apr 25, 2018 | Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | |||
| CVE-2018-8837 | 0.00 | — | 0.00 | Apr 25, 2018 | Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. | |||
| CVE-2018-8835 | 0.00 | — | 0.00 | Apr 25, 2018 | Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. |
- CVE-2021-42703Nov 15, 2021risk 0.00cvss —epss 0.00
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.
- CVE-2021-42706Nov 15, 2021risk 0.00cvss —epss 0.00
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
- CVE-2020-16229Aug 6, 2020risk 0.00cvss —epss 0.01
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause…
- CVE-2020-16207Aug 6, 2020risk 0.00cvss —epss 0.03
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of…
- CVE-2020-16211Aug 6, 2020risk 0.00cvss —epss 0.00
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
- CVE-2020-16213Aug 6, 2020risk 0.00cvss —epss 0.01
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution,…
- CVE-2020-16215Aug 6, 2020risk 0.00cvss —epss 0.01
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or…
- CVE-2020-16217Aug 6, 2020risk 0.00cvss —epss 0.01
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.
- CVE-2019-16899Sep 26, 2019risk 0.00cvss —epss 0.00
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.
- CVE-2019-16900Sep 26, 2019risk 0.00cvss —epss 0.00
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.
- CVE-2019-16901Sep 26, 2019risk 0.00cvss —epss 0.00
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
- CVE-2019-10961Aug 2, 2019risk 0.00cvss —epss 0.01
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.
- CVE-2018-8833Apr 25, 2018risk 0.00cvss —epss 0.01
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
- CVE-2018-8837Apr 25, 2018risk 0.00cvss —epss 0.00
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
- CVE-2018-8835Apr 25, 2018risk 0.00cvss —epss 0.00
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.