Vulnerabilities > Advantech > Webaccess HMI Designer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-15 | CVE-2021-42703 | Cross-site Scripting vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | 4.3 |
| 2021-11-15 | CVE-2021-42706 | Use After Free vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | 4.6 |
| 2021-06-24 | CVE-2021-33000 | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. | 6.8 |
| 2021-06-24 | CVE-2021-33002 | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. | 6.8 |
| 2021-06-24 | CVE-2021-33004 | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95 The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. | 6.8 |
| 2020-08-06 | CVE-2020-16211 | Out-of-bounds Read vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 5.5 |
| 2019-09-26 | CVE-2019-16901 | Improper Handling of Exceptional Conditions vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | 5.0 |
| 2019-09-26 | CVE-2019-16900 | Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | 5.0 |
| 2019-09-26 | CVE-2019-16899 | Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | 5.0 |
| 2018-04-25 | CVE-2018-8837 | Out-of-bounds Write vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. | 6.8 |