CVE-2018-8837 - Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may c

CVE-2018-8837

Summary

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.

References

http://www.securityfocus.com/bid/103972
https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03

Vulnerable Configurations

cpe:2.3:a:advantech:webaccess_hmi_designer:2.1.7.32:*:*:*:*:*:*:*
cpe:2.3:a:advantech:webaccess_hmi_designer:2.1.7.32:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 09-10-2019 - 23:42)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	103972
misc	https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03

Last major update

09-10-2019 - 23:42

Published

25-04-2018 - 23:29

Last modified

09-10-2019 - 23:42