CVE-2020-16213

HIGH

Advantech WebAccess HMI Designer < 2.1.9.31 - Out-of-bounds Write via Crafted Project File

Title source: llm

Description

Affects Advantech WebAccess HMI Designer, versions 2.1.9.31 and prior. Because user-supplied data is not properly validated, processing a specially crafted project file may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure or modification of information, or an application crash.

References (2)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-956/

Scores

CVSS v3 7.8
EPSS 0.0061
EPSS Percentile 70.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
advantech/webaccess\/hmi_designer < 2.1.9.31
Published Aug 06, 2020
Tracked Since Feb 18, 2026