Arbitrary Code Execution via Malicious Project File in WebAccess HMI Designer (Versions 2.1.9.95 and Prior)

CVE-2021-33002 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

Learn more about our Web App Pen Testing.