Details of VAR-202106-1203

ID

VAR-202106-1203

CVE

CVE-2021-33002

TITLE

Advantech Made WebAccess/HMI Designer Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-001390

DESCRIPTION

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior). Advantech Provided by the company WebAccess/HMI Designer Is Human Machine Interface (HMI) Design software. WebAccess/HMI Designer The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-33000 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-33002 ‥ * Buffer error (CWE-119) - CVE-2021-33004 ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2021-42706 ‥ * Cross-site scripting (CWE-79) - CVE-2021-42703The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-42703. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The product has functions such as data transmission, menu editing and text editing

Trust: 3.51

sources: NVD: CVE-2021-33002 // JVNDB: JVNDB-2021-001390 // ZDI: ZDI-21-488 // ZDI: ZDI-21-490 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392988

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess/hmi designer	scope:	-	version:	-	Trust: 1.4
vendor:	advantech	model:	webaccess\/hmi designer	scope:	lte	version:	2.1.9.95	Trust: 1.0
vendor:	アドバンテック株式会社	model:	webaccess/hmi	scope:	eq	version:	-	Trust: 0.8
vendor:	アドバンテック株式会社	model:	webaccess/hmi	scope:	lt	version:	designer v2.1.11.0 earlier s	Trust: 0.8

sources: ZDI: ZDI-21-488 // ZDI: ZDI-21-490 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-33002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33002
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2021-001390
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-33002
value:	HIGH
Trust: 0.7
ZDI:	ZDI-21-490
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1538
value:	HIGH
Trust: 0.6
VULHUB:	VHN-392988
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33002
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-392988
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33002
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-001390
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-33002
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7
ZDI:	ZDI-21-490
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-488 // ZDI: ZDI-21-490 // VULHUB: VHN-392988 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1538 // NVD: CVE-2021-33002

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Heap-based buffer overflow (CWE-122) [ Other ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [ Other ]	Trust: 0.8
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8
problemtype:	Use of freed memory (CWE-416) [ Other ]	Trust: 0.8
problemtype:	Cross-site scripting (CWE-79) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-392988 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-33002

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1538

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Contact Us Advantech	url:	https://www.advantech.com/contact	Trust: 0.8
title:	Advantech WebAccess HMI Designer Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154578	Trust: 0.6

sources: JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202106-1538

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33002	Trust: 3.2
db:	ICS CERT	id:	ICSA-21-173-01	Trust: 2.5
db:	ZDI	id:	ZDI-21-488	Trust: 1.5
db:	ZDI	id:	ZDI-21-490	Trust: 1.5
db:	JVN	id:	JVNVU98262671	Trust: 0.8
db:	ZDI	id:	ZDI-21-442	Trust: 0.8
db:	ZDI	id:	ZDI-21-489	Trust: 0.8
db:	ZDI	id:	ZDI-21-487	Trust: 0.8
db:	ZDI	id:	ZDI-21-441	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001390	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12272	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-12276	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021062305	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2214	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1538	Trust: 0.6
db:	VULHUB	id:	VHN-392988	Trust: 0.1

sources: ZDI: ZDI-21-488 // ZDI: ZDI-21-490 // VULHUB: VHN-392988 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1538 // NVD: CVE-2021-33002

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01	Trust: 2.5
url:	http://jvn.jp/cert/jvnvu98262671	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-441/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-442/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-487/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-488/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-489/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-490/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2214	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33002	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062305	Trust: 0.6

sources: VULHUB: VHN-392988 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1538 // NVD: CVE-2021-33002

CREDITS

kimiya

Trust: 1.4

sources: ZDI: ZDI-21-488 // ZDI: ZDI-21-490

SOURCES

db:	ZDI	id:	ZDI-21-488
db:	ZDI	id:	ZDI-21-490
db:	VULHUB	id:	VHN-392988
db:	JVNDB	id:	JVNDB-2021-001390
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1538
db:	NVD	id:	CVE-2021-33002

LAST UPDATE DATE

2024-08-14T12:34:50.845000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-488	date:	2021-06-24T00:00:00
db:	ZDI	id:	ZDI-21-490	date:	2021-04-28T00:00:00
db:	VULHUB	id:	VHN-392988	date:	2021-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-001390	date:	2021-11-12T05:12:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1538	date:	2021-07-02T00:00:00
db:	NVD	id:	CVE-2021-33002	date:	2021-07-01T12:37:13.210

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-488	date:	2021-06-24T00:00:00
db:	ZDI	id:	ZDI-21-490	date:	2021-04-28T00:00:00
db:	VULHUB	id:	VHN-392988	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-001390	date:	2021-05-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1538	date:	2021-06-22T00:00:00
db:	NVD	id:	CVE-2021-33002	date:	2021-06-24T18:15:08.700