CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer versions 2.1.9.95 and prior...

CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer versions 2.1.9.95 and prior...

CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer versions 2.1.9.95 and prior...

Advantech WebAccess HMI Designer Buffer Overflow Vulnerability (CNVD-2021-60558)

Advantech WebAccess HMI Designer is a human-machine interface integrated development tool from Advantech of Taiwan, China. WebAccess HMI Designer 2.1.9.95 and earlier versions contain a security vulnerability that could be exploited by remote attackers to trigger a heap-based buffer overflow and...

CVE-2021-35196

Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...

Deserialization of untrusted data

DISPUTED Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for...

CVE-2021-35196

Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...

CVE-2020-20473

White Shark System WSS 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the controltask.php, controlproject.php, defaultuser.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information...

White Shark System SQL注入漏洞

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A SQL injection vulnerability exists in White Shark...

CVE-2021-22678

Cscape All versions prior to 9.90 SP4 lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-22678

Cscape All versions prior to 9.90 SP4 lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process...

Cscape Memory Corruption Vulnerability

Cscape is an application that can program the full range of OCS. A memory corruption vulnerability exists in Cscape versions prior to 9.90 SP4. The vulnerability stems from the affected application failing to properly validate user-supplied data when parsing a project file. An attacker can exploi...

Horner Automation Cscape 缓冲区错误漏洞

Cscape is an application that can program the full range of OCS. A memory corruption vulnerability exists in Cscape versions prior to 9.90 SP4. The vulnerability stems from the affected application failing to properly validate user-supplied data when parsing a project file. An attacker can exploi...

Siemens LOGO! 8 BM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2021-22662

A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution...

CVE-2021-22670

An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution...

CVE-2021-22638

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution...

Out-of-bounds

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution...

Fatek FvDesigner Out-of-Bounds Read Vulnerability

Fatek FvDesigner is a software tool for designing and developing projects for the FATEK FV HMI series. An out-of-bounds write vulnerability exists in Fatek FvDesigner 1.5.76 and earlier versions when processing project files. An attacker can exploit this vulnerability to execute arbitrary code vi...

CVE-2020-16243

Multiple buffer overflow vulnerabilities exist when LeviStudioU Version 2019-09-21 and prior processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application...