ICSA-21-173-01 · Published 2021-11-09 · View on CISA ICS-CERT ↗

Advantech WebAccess HMI Designer (Update A)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could result in memory corruption, code execution, hijacking of user 's cookie/session tokens, and unintended browser action.

CVEs (5)

CVE-2021-33000 CVE-2021-33002 CVE-2021-33004 CVE-2021-42706 CVE-2021-42703

Remediations

Advantech recommends users update to the latest version of WebAccess HMI Designer v2.1.11.0
Specific questions should be directed to Advantech customer service.

Affected Vendors

Advantech

Affected Products (1)

Advantech · WebAccess HMI Designer < 2.1.11.0

Affected Sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more