CVE-2019-10961: Advantech WebAccess HMI Designer MCR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
First published: Fri Aug 02 2019(Updated: )
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess HMI Designer | <=2.1.7.32 | |
| Advantech WebAccess |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-691
- alias/ZDI-CAN-7805
- alias/CVE-2019-10961
- agent/software-canonical-lookup
- vendor/advantech
- canonical/advantech webaccess hmi designer
- version/advantech webaccess hmi designer/2.1.7.32
- canonical/advantech webaccess