Rewterz Threat Advisory – CVE-2020-3433 – Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
August 7, 2020Rewterz Threat Advisory – ICS: Delta Industrial Automation TPEditor
August 10, 2020Severity
High
Analysis Summary
CVE-2020-16207
Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16211
An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
CVE-2020-16213
Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16229
Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16215
Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVE-2020-16217
A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.
Impact
- Application crash
- Information disclosure
- Remote code execution
Affected Vendors
Advantech
Affected Products
WebAccess HMI Designer Versions 2.1.9.31 and prior
Remediation
Advantech has released Version 2.1.9.81 of WebAccess HMI Designer to address the reported vulnerabilities.