HTTP: Advantech WebAccess HMI Designer PM3 Memory Corruption

This signature detects attempts to exploit a known vulnerability against Advantech WebAccess HMI Designer. A successful attack can lead to a Memory Corruption and arbitrary remote code execution within the context of the Advantech WebAccess HMI Designer.

Extended Description

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

Affected Products

Advantech webaccess/hmi_designer

References

CVE: CVE-2021-33004

Short Name
HTTP:ADVANTECH-HMI-MEM-CORRUPT
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Advantech CVE-2021-33004 Corruption Designer HMI Memory PM3 WebAccess
Release Date
11/15/2021
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3436
False Positive
Rarely
Vendors

Advantech

CVSS Score

6.8

Found a potential security threat?