ID

VAR-202111-0808


CVE

CVE-2021-42706


TITLE

Advantech WebAccess HMI Designer Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-90870 // CNNVD: CNNVD-202111-1485

DESCRIPTION

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer. Advantech Provided by the company WebAccess/HMI Designer Is Human Machine Interface (HMI) Design software. WebAccess/HMI Designer The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-33000 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-33002 ‥ * Buffer error (CWE-119) - CVE-2021-33004 ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2021-42706 ‥ * Cross-site scripting (CWE-79) - CVE-2021-42703The expected impact depends on each vulnerability, but it may be affected as follows. * Project files specially crafted by the attacker (PLF File, SNF File, PM3 File ) Will execute arbitrary code on the system - CVE-2021-33000 , CVE-2021-33002 , CVE-2021-33004 ‥ * Information is stolen or arbitrary code is executed by a third party - CVE-2021-42706 ‥ * Crafted by a remote third party Javascript When the code is sent to the product, it can hijack the user's authentication token, redirect the user to a malicious web page, and perform unintended browser operations. - CVE-2021-42703. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. The product has functions such as data transfer, menu editing and text editing. Advantech WebAccess HMI Designer versions prior to 2.1.11.0 have a resource management error vulnerability, which originates from a reuse-after-release problem in the software

Trust: 2.88

sources: NVD: CVE-2021-42706 // JVNDB: JVNDB-2021-001390 // ZDI: ZDI-21-490 // CNVD: CNVD-2021-90870 // VULHUB: VHN-403775

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-90870

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess hmi designerscope:ltversion:2.1.11.0

Trust: 1.6

vendor:アドバンテック株式会社model:webaccess/hmiscope:eqversion: -

Trust: 0.8

vendor:アドバンテック株式会社model:webaccess/hmiscope:ltversion:designer v2.1.11.0 earlier s

Trust: 0.8

vendor:advantechmodel:webaccess/hmi designerscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90870 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-42706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42706
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-42706
value: HIGH

Trust: 1.0

OTHER: JVNDB-2021-001390
value: HIGH

Trust: 0.8

ZDI: ZDI-21-490
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-90870
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-1485
value: HIGH

Trust: 0.6

VULHUB: VHN-403775
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-42706
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2021-90870
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-403775
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-42706
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-42706
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001390
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: ZDI-21-490
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90870 // VULHUB: VHN-403775 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1485 // NVD: CVE-2021-42706 // NVD: CVE-2021-42706

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Heap-based buffer overflow (CWE-122) [ Other ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [ Other ]

Trust: 0.8

problemtype: Buffer error (CWE-119) [ Other ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [ Other ]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-403775 // JVNDB: JVNDB-2021-001390 // NVD: CVE-2021-42706

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-1485

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202111-1485

PATCH

title:Contact Us Advantechurl:https://www.advantech.com/contact

Trust: 0.8

title:Patch for Advantech WebAccess HMI Designer Resource Management Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/300716

Trust: 0.6

title:Advantech WebAccess HMI Designer Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170121

Trust: 0.6

sources: CNVD: CNVD-2021-90870 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1485

EXTERNAL IDS

db:NVDid:CVE-2021-42706

Trust: 3.1

db:ICS CERTid:ICSA-21-173-01

Trust: 2.5

db:ZDIid:ZDI-21-490

Trust: 1.5

db:JVNid:JVNVU98262671

Trust: 0.8

db:ZDIid:ZDI-21-442

Trust: 0.8

db:ZDIid:ZDI-21-489

Trust: 0.8

db:ZDIid:ZDI-21-488

Trust: 0.8

db:ZDIid:ZDI-21-487

Trust: 0.8

db:ZDIid:ZDI-21-441

Trust: 0.8

db:JVNDBid:JVNDB-2021-001390

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12276

Trust: 0.7

db:CNVDid:CNVD-2021-90870

Trust: 0.6

db:CNNVDid:CNNVD-202111-1485

Trust: 0.6

db:VULHUBid:VHN-403775

Trust: 0.1

sources: ZDI: ZDI-21-490 // CNVD: CNVD-2021-90870 // VULHUB: VHN-403775 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1485 // NVD: CVE-2021-42706

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-42706

Trust: 1.2

url:http://jvn.jp/cert/jvnvu98262671

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-441/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-442/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-487/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-488/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-489/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-490/

Trust: 0.8

sources: CNVD: CNVD-2021-90870 // VULHUB: VHN-403775 // JVNDB: JVNDB-2021-001390 // CNNVD: CNNVD-202111-1485 // NVD: CVE-2021-42706

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-21-490

SOURCES

db:ZDIid:ZDI-21-490
db:CNVDid:CNVD-2021-90870
db:VULHUBid:VHN-403775
db:JVNDBid:JVNDB-2021-001390
db:CNNVDid:CNNVD-202111-1485
db:NVDid:CVE-2021-42706

LAST UPDATE DATE

2024-11-23T20:51:20.694000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-490date:2021-04-28T00:00:00
db:CNVDid:CNVD-2021-90870date:2022-01-26T00:00:00
db:VULHUBid:VHN-403775date:2021-11-17T00:00:00
db:JVNDBid:JVNDB-2021-001390date:2021-11-12T05:12:00
db:CNNVDid:CNNVD-202111-1485date:2021-11-25T00:00:00
db:NVDid:CVE-2021-42706date:2024-11-21T06:28:00.737

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-490date:2021-04-28T00:00:00
db:CNVDid:CNVD-2021-90870date:2021-11-25T00:00:00
db:VULHUBid:VHN-403775date:2021-11-15T00:00:00
db:JVNDBid:JVNDB-2021-001390date:2021-05-13T00:00:00
db:CNNVDid:CNNVD-202111-1485date:2021-11-15T00:00:00
db:NVDid:CVE-2021-42706date:2021-11-15T14:15:07.377