CVE-2020-16215

{"id": "CVE-2020-16215", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-08-06T19:15:13.817", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-953/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-953/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash."}, {"lang": "es", "value": "Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. El procesamiento de archivos de proyecto especialmente dise\u00f1ados carecen de una comprobaci\u00f3n apropiada de los datos proporcionados por un usuario puede causar un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, lo que puede permitir una ejecuci\u00f3n de c\u00f3digo remota, divulgaci\u00f3n y modificaci\u00f3n de informaci\u00f3n o causar que la aplicaci\u00f3n se bloquee"}], "lastModified": "2024-11-21T05:06:57.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:webaccess\\/hmi_designer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B10BE31F-862E-4C94-A25A-D8F86CE09C9F", "versionEndIncluding": "2.1.9.31"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}