2.1.9.31

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

advantech

CWE-415

NVD

Published: 2020-08-06

Updated: 2022-10-06

Summary

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Vulnerable Configurations

Part	Description	Count
Application	Advantech Advantech Webaccess/Hmi Designer - Advantech Webaccess/Hmi Designer 2.1 Advantech Webaccess/Hmi Designer 2.1.9.31	3

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02
https://www.zerodayinitiative.com/advisories/ZDI-20-952/