6 matches found
CVE-2019-10961
CVE-2019-10961 affects Advantech WebAccess HMI Designer up to version 2.1.9.23. The issue is an out-of-bounds write in MCR file processing due to insufficient validation, enabling remote code execution. Advantech released version 2.1.9.31 with a fix. Affected: WebAccess HMI Designer 2.1.9.23 and ...
CVE-2018-8837
CVE-2018-8837 affects Advantech WebAccess HMI Designer (versions 2.1.7.32 and earlier). The root cause is an out-of-bounds write (CWE-787) triggered by processing specially crafted .pm3 files, potentially leading to remote code execution. Public sources in the connected documents corroborate the ...
CVE-2018-8833
Advantech WebAccess HMI Designer (Version 2.1.7.32 and earlier) contains a heap-based buffer overflow when processing specially crafted .pm3 files, which can lead to remote code execution. The CVE-2018-8833 entry is supported by multiple sources in connected documents (CNVD/CVELIST/NVD) that desc...
CVE-2018-8835
Advantech WebAccess HMI Designer 2.1.7.32 and prior are affected by a double‑free vulnerability in processing specially crafted .pm3 files, which may allow remote code execution. CVE-2018-8835. The issue is caused by improper handling during file processing and is highlighted alongside other vuln...
CVE-2021-42706
Summary: CVE-2021-42706 affects Advantech WebAccess HMI Designer (WebAccess/MHI Designer). The connected advisory details a Use After Free vulnerability (CWE-416) in WebAccess/MHI Designer, leading to information disclosure and arbitrary code execution via memory corruption when handling crafted ...
CVE-2021-42703
Vulnerability context: CVE-2021-42703 corresponds to a cross‑site scripting flaw in Advantech WebAccess HMI Designer (pre‑2.1.11.0). The issue stems from insufficient input filtering/escaping of user‑submitted parameters, enabling attacker‑supplied JavaScript to execute in the affected web contex...