Vulnerability Description
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantech | Webaccess\/Hmi Designer | <= 2.1.9.31 |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02Third Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-20-956/Third Party AdvisoryVDB Entry
- https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02Third Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-20-956/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-16213?
CVE-2020-16213 is a vulnerability with a CVSS score of 7.8 (HIGH). Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the inte...
How severe is CVE-2020-16213?
CVE-2020-16213 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16213?
Check the references section above for vendor advisories and patch information. Affected products include: Advantech Webaccess\/Hmi Designer.