ID

VAR-202106-1202


CVE

CVE-2021-33000


TITLE

(0Day) Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-21-487 // ZDI: ZDI-21-490

DESCRIPTION

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

WebAccess/HMI Designer, provided by Advantech, is Human Machine Interface (HMI) design software. The following multiple vulnerabilities exist in WebAccess/HMI Designer:

* Heap-based buffer overflow (CWE-122) - CVE-2021-33000
* Out-of-bounds writing (CWE-787) - CVE-2021-33002
* Buffer error (CWE-119) - CVE-2021-33004
* Use of freed memory (Use-after-free) (CWE-416) - CVE-2021-42706
* Cross-site scripting (CWE-79) - CVE-2021-42703

The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-42703.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. The product has functions such as data transmission, menu editing and text editing.

Trust: 3.6

sources: NVD: CVE-2021-33000 // JVNDB: JVNDB-2021-001390 // ZDI: ZDI-21-487 // ZDI: ZDI-21-490 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392986 // VULMON: CVE-2021-33000

AFFECTED PRODUCTS

vendor: advantech, model: webaccess/hmi designer, scope: -, version: -

Trust: 1.4

vendor: advantech, model: webaccess/hmi designer, scope: lte, version: 2.1.9.95

Trust: 1.0

vendor: アドバンテック株式会社, model: webaccess/hmi, scope: eq, version: -

Trust: 0.8

vendor: アドバンテック株式会社, model: webaccess/hmi, scope: lt, version: designer v2.1.11.0 earlier s

Trust: 0.8

sources: ZDI: ZDI-21-487 // ZDI: ZDI-21-490 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-33000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33000
value: HIGH

Trust: 1.0

OTHER: JVNDB-2021-001390
value: HIGH

Trust: 0.8

ZDI: CVE-2021-33000
value: HIGH

Trust: 0.7

ZDI: ZDI-21-490
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-1537
value: HIGH

Trust: 0.6

VULHUB: VHN-392986
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-33000
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-33000
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-392986
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-33000
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001390
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-33000
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

ZDI: ZDI-21-490
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-487 // ZDI: ZDI-21-490 // VULHUB: VHN-392986 // VULMON: CVE-2021-33000 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1537 // NVD: CVE-2021-33000

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-122

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ Other ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [ Other ]

Trust: 0.8

problemtype: Buffer error (CWE-119) [ Other ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [ Other ]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-392986 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-33000

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1537

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Contact Us Advantech, url: https://www.advantech.com/contact

Trust: 0.8

title: Advantech WebAccess HMI Designer Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155767

Trust: 0.6

sources: JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202106-1537

EXTERNAL IDS

db: NVD, id: CVE-2021-33000

Trust: 3.3

db: ICS CERT, id: ICSA-21-173-01

Trust: 2.6

db: ZDI, id: ZDI-21-487

Trust: 1.5

db: ZDI, id: ZDI-21-490

Trust: 1.5

db: JVN, id: JVNVU98262671

Trust: 0.8

db: ZDI, id: ZDI-21-442

Trust: 0.8

db: ZDI, id: ZDI-21-489

Trust: 0.8

db: ZDI, id: ZDI-21-488

Trust: 0.8

db: ZDI, id: ZDI-21-441

Trust: 0.8

db: JVNDB, id: JVNDB-2021-001390

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-12099

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-12276

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021062305

Trust: 0.6

db: AUSCERT, id: ESB-2021.2214

Trust: 0.6

db: CNNVD, id: CNNVD-202106-1537

Trust: 0.6

db: VULHUB, id: VHN-392986

Trust: 0.1

db: VULMON, id: CVE-2021-33000

Trust: 0.1

sources: ZDI: ZDI-21-487 // ZDI: ZDI-21-490 // VULHUB: VHN-392986 // VULMON: CVE-2021-33000 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1537 // NVD: CVE-2021-33000

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01

Trust: 3.2

url:http://jvn.jp/cert/jvnvu98262671

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-441/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-442/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-487/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-488/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-489/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-490/

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2214

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062305

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-392986 // VULMON: CVE-2021-33000 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1537 // NVD: CVE-2021-33000

CREDITS

kimiya

Trust: 1.4

sources: ZDI: ZDI-21-487 // ZDI: ZDI-21-490

SOURCES

db: ZDI, id: ZDI-21-487
db: ZDI, id: ZDI-21-490
db: VULHUB, id: VHN-392986
db: VULMON, id: CVE-2021-33000
db: JVNDB, id: JVNDB-2021-001390
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-1537
db: NVD, id: CVE-2021-33000

LAST UPDATE DATE

2024-08-14T12:55:32.981000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-487, date: 2021-06-24T00:00:00
db: ZDI, id: ZDI-21-490, date: 2021-04-28T00:00:00
db: VULHUB, id: VHN-392986, date: 2021-07-01T00:00:00
db: VULMON, id: CVE-2021-33000, date: 2021-07-01T00:00:00
db: JVNDB, id: JVNDB-2021-001390, date: 2021-11-12T05:12:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-1537, date: 2021-07-02T00:00:00
db: NVD, id: CVE-2021-33000, date: 2021-07-01T14:23:19.910

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-487, date: 2021-06-24T00:00:00
db: ZDI, id: ZDI-21-490, date: 2021-04-28T00:00:00
db: VULHUB, id: VHN-392986, date: 2021-06-24T00:00:00
db: VULMON, id: CVE-2021-33000, date: 2021-06-24T00:00:00
db: JVNDB, id: JVNDB-2021-001390, date: 2021-05-13T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-1537, date: 2021-06-22T00:00:00
db: NVD, id: CVE-2021-33000, date: 2021-06-24T18:15:08.540