Rewterz Threat Advisory – ICS: Advantech WebAccess HMI Designer
August 10, 2020Rewterz Threat Alert – Latest Emotet IOCs
August 10, 2020Severity
Medium
Analysis Summary
CVE-2020-16219
An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16221
A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16223
A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16225
A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16227
An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
Impact
- Execute arbitrary code
- Exposure of sensitive data
- Application crash
Affected Vendors
Delta Electronics
Affected Products
TPEditor Versions 1.97 and prior
Remediation
Delta Electronics recommends affected users update to the latest version.