CVE-2018-8837
First published: Wed Apr 25 2018(Updated: )
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess HMI Designer | <=2.1.7.32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8837?
CVE-2018-8837 is a vulnerability in Advantech WebAccess HMI Designer 2.1.7.32 and prior that allows remote code execution.
How severe is CVE-2018-8837?
CVE-2018-8837 has a severity score of 7.8 (high).
How does CVE-2018-8837 occur?
CVE-2018-8837 occurs when processing specially crafted .pm3 files in Advantech WebAccess HMI Designer.
Which software versions are affected by CVE-2018-8837?
Advantech WebAccess HMI Designer versions up to and including 2.1.7.32 are affected by CVE-2018-8837.
How can CVE-2018-8837 be fixed?
To fix CVE-2018-8837, update Advantech WebAccess HMI Designer to a version beyond 2.1.7.32.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/tags
- agent/event
- agent/references
- agent/severity
- agent/type
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/advantech
- canonical/advantech webaccess hmi designer
- version/advantech webaccess hmi designer/2.1.7.32