Lucene search

K

Webaccess Hmi Designer Security Vulnerabilities

cve
cve

CVE-2021-42703

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser...

6.1CVSS

6.2AI Score

0.001EPSS

2021-11-15 03:15 PM
17
cve
cve

CVE-2021-42706

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI...

7.8CVSS

7.7AI Score

0.0004EPSS

2021-11-15 02:15 PM
16
cve
cve

CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and...

7.8CVSS

7.8AI Score

0.007EPSS

2021-06-24 06:15 PM
44
4
cve
cve

CVE-2021-33002

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and...

7.8CVSS

7.8AI Score

0.003EPSS

2021-06-24 06:15 PM
38
2
cve
cve

CVE-2021-33004

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and...

7.8CVSS

7.9AI Score

0.005EPSS

2021-06-24 06:15 PM
51
3
cve
cve

CVE-2020-16207

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the...

7.8CVSS

8AI Score

0.008EPSS

2020-08-06 07:15 PM
25
cve
cve

CVE-2020-16229

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to....

7.8CVSS

7.7AI Score

0.002EPSS

2020-08-06 07:15 PM
27
2
cve
cve

CVE-2020-16213

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information,...

7.8CVSS

7.9AI Score

0.002EPSS

2020-08-06 07:15 PM
33
cve
cve

CVE-2020-16217

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to...

7.8CVSS

7.8AI Score

0.002EPSS

2020-08-06 07:15 PM
30
2
cve
cve

CVE-2020-16211

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read...

5.5CVSS

5.3AI Score

0.001EPSS

2020-08-06 07:15 PM
33
cve
cve

CVE-2020-16215

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application....

7.8CVSS

7.8AI Score

0.01EPSS

2020-08-06 07:15 PM
29
cve
cve

CVE-2019-16900

Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at...

7.5CVSS

7.5AI Score

0.002EPSS

2019-09-26 01:15 AM
65
cve
cve

CVE-2019-16901

Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from...

7.5CVSS

7.7AI Score

0.002EPSS

2019-09-26 01:15 AM
84
cve
cve

CVE-2019-16899

In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at...

7.5CVSS

7.6AI Score

0.002EPSS

2019-09-26 01:15 AM
68
cve
cve

CVE-2019-10961

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code...

8.8CVSS

9AI Score

0.009EPSS

2019-08-02 05:15 PM
33
cve
cve

CVE-2018-8835

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code...

7.8CVSS

8AI Score

0.004EPSS

2018-04-25 11:29 PM
22
cve
cve

CVE-2018-8837

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code...

7.8CVSS

8AI Score

0.003EPSS

2018-04-25 11:29 PM
25
cve
cve

CVE-2018-8833

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code...

7.8CVSS

8.2AI Score

0.006EPSS

2018-04-25 11:29 PM
25