ID

VAR-202111-0539


CVE

CVE-2021-42703


TITLE

Advantech WebAccess HMI Designer Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-90871 // CNNVD: CNNVD-202111-1487

DESCRIPTION

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. Advantech Provided by the company WebAccess/HMI Designer Is Human Machine Interface (HMI) Design software. WebAccess/HMI Designer The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-33000 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-33002 ‥ * Buffer error (CWE-119) - CVE-2021-33004 ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2021-42706 ‥ * Cross-site scripting (CWE-79) - CVE-2021-42703The expected impact depends on each vulnerability, but it may be affected as follows. * Project files specially crafted by the attacker (PLF File, SNF File, PM3 File ) Will execute arbitrary code on the system - CVE-2021-33000 , CVE-2021-33002 , CVE-2021-33004 ‥ * Information is stolen or arbitrary code is executed by a third party - CVE-2021-42706 ‥ * Crafted by a remote third party Javascript When the code is sent to the product, it can hijack the user's authentication token, redirect the user to a malicious web page, and perform unintended browser operations. - CVE-2021-42703. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The product has functions such as data transfer, menu editing and text editing. This vulnerability stems from the software's lack of effective filtering and escaping of parameters submitted by users

Trust: 2.88

sources: NVD: CVE-2021-42703 // JVNDB: JVNDB-2021-001390 // ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // VULHUB: VHN-403772

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-90871

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess hmi designerscope:ltversion:2.1.11.0

Trust: 1.6

vendor:アドバンテック株式会社model:webaccess/hmiscope:eqversion: -

Trust: 0.8

vendor:アドバンテック株式会社model:webaccess/hmiscope:ltversion:designer v2.1.11.0 earlier s

Trust: 0.8

vendor:advantechmodel:webaccess/hmi designerscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-42703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42703
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-42703
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2021-001390
value: MEDIUM

Trust: 0.8

ZDI: ZDI-21-490
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-90871
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-1487
value: MEDIUM

Trust: 0.6

VULHUB: VHN-403772
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-42703
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2021-90871
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-403772
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-42703
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-42703
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001390
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: ZDI-21-490
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487 // NVD: CVE-2021-42703 // NVD: CVE-2021-42703

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Heap-based buffer overflow (CWE-122) [ Other ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [ Other ]

Trust: 0.8

problemtype: Buffer error (CWE-119) [ Other ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [ Other ]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-42703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1487

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202111-1487

PATCH

title:Contact Us Advantechurl:https://www.advantech.com/contact

Trust: 0.8

title:Patch for Advantech WebAccess HMI Designer Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/300711

Trust: 0.6

title:Advantech WebAccess HMI Designer Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170122

Trust: 0.6

sources: CNVD: CNVD-2021-90871 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487

EXTERNAL IDS

db:NVDid:CVE-2021-42703

Trust: 3.1

db:ICS CERTid:ICSA-21-173-01

Trust: 2.5

db:ZDIid:ZDI-21-490

Trust: 1.5

db:JVNid:JVNVU98262671

Trust: 0.8

db:ZDIid:ZDI-21-442

Trust: 0.8

db:ZDIid:ZDI-21-489

Trust: 0.8

db:ZDIid:ZDI-21-488

Trust: 0.8

db:ZDIid:ZDI-21-487

Trust: 0.8

db:ZDIid:ZDI-21-441

Trust: 0.8

db:JVNDBid:JVNDB-2021-001390

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12276

Trust: 0.7

db:CNVDid:CNVD-2021-90871

Trust: 0.6

db:CNNVDid:CNNVD-202111-1487

Trust: 0.6

db:VULHUBid:VHN-403772

Trust: 0.1

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90871 // VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487 // NVD: CVE-2021-42703

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01

Trust: 2.5

url:http://jvn.jp/cert/jvnvu98262671

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-441/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-442/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-487/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-488/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-489/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-490/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-42703

Trust: 0.6

sources: CNVD: CNVD-2021-90871 // VULHUB: VHN-403772 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1487 // NVD: CVE-2021-42703

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-21-490

SOURCES

db:ZDIid:ZDI-21-490
db:CNVDid:CNVD-2021-90871
db:VULHUBid:VHN-403772
db:JVNDBid:JVNDB-2021-001390
db:CNNVDid:CNNVD-202111-1487
db:NVDid:CVE-2021-42703

LAST UPDATE DATE

2024-11-23T19:28:35.661000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-490date:2021-04-28T00:00:00
db:CNVDid:CNVD-2021-90871date:2022-01-26T00:00:00
db:VULHUBid:VHN-403772date:2021-11-16T00:00:00
db:JVNDBid:JVNDB-2021-001390date:2021-11-12T05:12:00
db:CNNVDid:CNNVD-202111-1487date:2021-11-18T00:00:00
db:NVDid:CVE-2021-42703date:2024-11-21T06:28:00.373

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-490date:2021-04-28T00:00:00
db:CNVDid:CNVD-2021-90871date:2021-11-25T00:00:00
db:VULHUBid:VHN-403772date:2021-11-15T00:00:00
db:JVNDBid:JVNDB-2021-001390date:2021-05-13T00:00:00
db:CNNVDid:CNNVD-202111-1487date:2021-11-15T00:00:00
db:NVDid:CVE-2021-42703date:2021-11-15T15:15:06.810