Vulnerabilities > Advantech > Webaccess HMI Designer

DATE CVE VULNERABILITY TITLE RISK
2021-11-15 CVE-2021-42703 Cross-site Scripting vulnerability in Advantech Webaccess HMI Designer 2.1.7.32
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.
network
advantech CWE-79
4.3
4.3
2021-11-15 CVE-2021-42706 Use After Free vulnerability in Advantech Webaccess HMI Designer 2.1.7.32
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
local
low complexity
advantech CWE-416
4.6
4.6
2021-06-24 CVE-2021-33000 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution.
network
advantech CWE-787
6.8
6.8
2021-06-24 CVE-2021-33002 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code.
network
advantech CWE-787
6.8
6.8
2021-06-24 CVE-2021-33004 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code.
network
advantech CWE-787
6.8
6.8
2020-08-06 CVE-2020-16229 Type Confusion vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-843
7.8
7.8
2020-08-06 CVE-2020-16217 Double Free vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-415
7.8
7.8
2020-08-06 CVE-2020-16215 Improper Input Validation vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
network
advantech CWE-20
critical
 9.3
9.3
2020-08-06 CVE-2020-16213 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-787
7.8
7.8
2020-08-06 CVE-2020-16211 Out-of-bounds Read vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-125
5.5
5.5