7.8
CVE-2021-33002
- EPSS 0.97%
- Veröffentlicht 24.06.2021 18:15:08
- Zuletzt bearbeitet 21.11.2024 06:08:06
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginOpening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advantech ≫ Webaccess/hmi Designer Version <= 2.1.9.95
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.97% | 0.573 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01