7.8
CVE-2021-33002
- EPSS 0.27%
- Veröffentlicht 24.06.2021 18:15:08
- Zuletzt bearbeitet 21.11.2024 06:08:06
- Quelle ics-cert@hq.dhs.gov
- Teams Watchlist Login
- Unerledigt Login
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advantech ≫ Webaccess/hmi Designer Version <= 2.1.9.95
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.474 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.