Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Advantech Subscribe
Filtered by product Webaccess\/hmi Designer
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-16207 1 Advantech 1 Webaccess\/hmi Designer 2023-01-27 6.8 MEDIUM 7.8 HIGH
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16229 1 Advantech 1 Webaccess\/hmi Designer 2022-10-06 6.8 MEDIUM 7.8 HIGH
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16217 1 Advantech 1 Webaccess\/hmi Designer 2022-10-06 6.8 MEDIUM 7.8 HIGH
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16213 1 Advantech 1 Webaccess\/hmi Designer 2022-10-06 6.8 MEDIUM 7.8 HIGH
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16211 1 Advantech 1 Webaccess\/hmi Designer 2022-10-06 4.3 MEDIUM 5.5 MEDIUM
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
CVE-2021-33004 1 Advantech 1 Webaccess\/hmi Designer 2022-07-02 6.8 MEDIUM 7.8 HIGH
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2020-16215 1 Advantech 1 Webaccess\/hmi Designer 2021-11-22 9.3 HIGH 7.8 HIGH
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2021-33000 1 Advantech 1 Webaccess\/hmi Designer 2021-07-01 6.8 MEDIUM 7.8 HIGH
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2021-33002 1 Advantech 1 Webaccess\/hmi Designer 2021-07-01 6.8 MEDIUM 7.8 HIGH
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2019-16900 1 Advantech 1 Webaccess\/hmi Designer 2020-08-24 5.0 MEDIUM 7.5 HIGH
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.
CVE-2019-16899 1 Advantech 1 Webaccess\/hmi Designer 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.
CVE-2019-16901 1 Advantech 1 Webaccess\/hmi Designer 2019-09-26 5.0 MEDIUM 7.5 HIGH
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.