Vulnerability Description
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantech | Webaccess Hmi Designer | <= 2.1.7.32 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-19-213-01PatchThird Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-19-691/Third Party AdvisoryVDB Entry
- https://www.us-cert.gov/ics/advisories/icsa-19-213-01PatchThird Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-19-691/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2019-10961?
CVE-2019-10961 is a vulnerability with a CVSS score of 8.8 (HIGH). In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intende...
How severe is CVE-2019-10961?
CVE-2019-10961 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10961?
Check the references section above for vendor advisories and patch information. Affected products include: Advantech Webaccess Hmi Designer.