ID

VAR-202111-0539


CVE

CVE-2021-42703


TITLE

Advantech WebAccess HMI Designer Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-90871 // CNNVD: CNNVD-202111-1487

DESCRIPTION

This vulnerability could allow an attacker to send malicious JavaScript code, resulting in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser actions.

WebAccess/HMI Designer, provided by Advantech, is Human Machine Interface (HMI) design software. The following multiple vulnerabilities exist in WebAccess/HMI Designer:

* Heap-based buffer overflow (CWE-122) - CVE-2021-33000
* Out-of-bounds write (CWE-787) - CVE-2021-33002
* Buffer error (CWE-119) - CVE-2021-33004
* Use of freed memory (use-after-free) (CWE-416) - CVE-2021-42706
* Cross-site scripting (CWE-79) - CVE-2021-42703

The expected impact depends on each vulnerability, but may be as follows:

* A project file specially crafted by an attacker (PLF file, SNF file, PM3 file) causes arbitrary code to be executed on the system - CVE-2021-33000, CVE-2021-33002, CVE-2021-33004
* Information is stolen or arbitrary code is executed by a third party - CVE-2021-42706
* When JavaScript code crafted by a remote third party is sent to the product, it can hijack the user's authentication token, redirect the user to a malicious web page, and perform unintended browser operations - CVE-2021-42703

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

The product has functions such as data transfer, menu editing and text editing. This vulnerability stems from the software's lack of effective filtering and escaping of parameters submitted by users.

Trust: 2.88

sources: NVD: CVE-2021-42703 // JVNDB: JVNDB-2021-001390 // ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // VULHUB: VHN-403772

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-90871

AFFECTED PRODUCTS

vendor: advantech, model: webaccess hmi designer, scope: lt, version: 2.1.11.0

Trust: 1.6

vendor: アドバンテック株式会社, model: webaccess/hmi, scope: eq, version: -

Trust: 0.8

vendor: アドバンテック株式会社, model: webaccess/hmi, scope: lt, version: designer v2.1.11.0 earlier s

Trust: 0.8

vendor: advantech, model: webaccess/hmi designer, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-42703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42703
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-42703
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2021-001390
value: MEDIUM

Trust: 0.8

ZDI: ZDI-21-490
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-90871
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-1487
value: MEDIUM

Trust: 0.6

VULHUB: VHN-403772
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-42703
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2021-90871
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-403772
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-42703
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-42703
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001390
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: ZDI-21-490
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487 // NVD: CVE-2021-42703 // NVD: CVE-2021-42703

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Heap-based buffer overflow (CWE-122) [ Other ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [ Other ]

Trust: 0.8

problemtype: Buffer error (CWE-119) [ Other ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [ Other ]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-42703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1487

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202111-1487

PATCH

title: Contact Us Advantech, url: https://www.advantech.com/contact

Trust: 0.8

title: Patch for Advantech WebAccess HMI Designer Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/300711

Trust: 0.6

title: Advantech WebAccess HMI Designer Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170122

Trust: 0.6

sources: CNVD: CNVD-2021-90871 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487

EXTERNAL IDS

db: NVD, id: CVE-2021-42703

Trust: 3.1

db: ICS CERT, id: ICSA-21-173-01

Trust: 2.5

db: ZDI, id: ZDI-21-490

Trust: 1.5

db: JVN, id: JVNVU98262671

Trust: 0.8

db: ZDI, id: ZDI-21-442

Trust: 0.8

db: ZDI, id: ZDI-21-489

Trust: 0.8

db: ZDI, id: ZDI-21-488

Trust: 0.8

db: ZDI, id: ZDI-21-487

Trust: 0.8

db: ZDI, id: ZDI-21-441

Trust: 0.8

db: JVNDB, id: JVNDB-2021-001390

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-12276

Trust: 0.7

db: CNVD, id: CNVD-2021-90871

Trust: 0.6

db: CNNVD, id: CNNVD-202111-1487

Trust: 0.6

db: VULHUB, id: VHN-403772

Trust: 0.1

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487 // NVD: CVE-2021-42703

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01

Trust: 2.5

url:http://jvn.jp/cert/jvnvu98262671

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-441/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-442/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-487/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-488/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-489/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-490/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-42703

Trust: 0.6

sources: CNVD: CNVD-2021-90871 // VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487 // NVD: CVE-2021-42703

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-21-490

SOURCES

db: ZDI, id: ZDI-21-490
db: CNVD, id: CNVD-2021-90871
db: VULHUB, id: VHN-403772
db: JVNDB, id: JVNDB-2021-001390
db: CNNVD, id: CNNVD-202111-1487
db: NVD, id: CVE-2021-42703

LAST UPDATE DATE

2024-08-14T12:13:48.047000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-490, date: 2021-04-28T00:00:00
db: CNVD, id: CNVD-2021-90871, date: 2022-01-26T00:00:00
db: VULHUB, id: VHN-403772, date: 2021-11-16T00:00:00
db: JVNDB, id: JVNDB-2021-001390, date: 2021-11-12T05:12:00
db: CNNVD, id: CNNVD-202111-1487, date: 2021-11-18T00:00:00
db: NVD, id: CVE-2021-42703, date: 2021-11-16T20:35:20.630

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-490, date: 2021-04-28T00:00:00
db: CNVD, id: CNVD-2021-90871, date: 2021-11-25T00:00:00
db: VULHUB, id: VHN-403772, date: 2021-11-15T00:00:00
db: JVNDB, id: JVNDB-2021-001390, date: 2021-05-13T00:00:00
db: CNNVD, id: CNNVD-202111-1487, date: 2021-11-15T00:00:00
db: NVD, id: CVE-2021-42703, date: 2021-11-15T15:15:06.810