CVE-2019-10961

HIGH

Advantech WebAccess HMI Designer < 2.1.7.32 - Remote Code Execution via Crafted MCR File

Title source: llm

Description

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files without proper validation of user-supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.

References (2)

Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-213-01
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-691/

Scores

CVSS v3 8.8
EPSS 0.0082
EPSS Percentile 74.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-787
Status published
Products (1)
advantech/webaccess_hmi_designer < 2.1.7.32
Published Aug 02, 2019
Tracked Since Feb 18, 2026