{"api_version":"1","generated_at":"2026-06-29T21:49:53+00:00","cve":"CVE-2020-16213","urls":{"html":"https://cve.report/CVE-2020-16213","api":"https://cve.report/api/cve/CVE-2020-16213.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-16213","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-16213"},"summary":{"title":"CVE-2020-16213","description":"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2020-08-06 19:15:00","updated_at":"2022-10-06 19:11:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-956/","name":"https://www.zerodayinitiative.com/advisories/ZDI-20-956/","refsource":"MISC","tags":[],"title":"ZDI-20-956 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Advantech WebAccess HMI Designer | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-16213","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16213","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"16213","vulnerable":"1","versionEndIncluding":"2.1.9.31","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"advantech","cpe5":"webaccess\\/hmi_designer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-16213","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Advantech WebAccess HMI Designer","version":{"version_data":[{"version_value":"Versions 2.1.9.31 and prior"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"OUT-OF-BOUNDS WRITE CWE-787"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02"},{"refsource":"MISC","name":"https://www.zerodayinitiative.com/advisories/ZDI-20-956/","url":"https://www.zerodayinitiative.com/advisories/ZDI-20-956/"}]},"description":{"description_data":[{"lang":"eng","value":"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash."}]}},"nvd":{"publishedDate":"2020-08-06 19:15:00","lastModifiedDate":"2022-10-06 19:11:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:advantech:webaccess\\/hmi_designer:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.9.31","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"16213","Ordinal":"177621","Title":"CVE-2020-16213","CVE":"CVE-2020-16213","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"16213","Ordinal":"1","NoteData":"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"16213","Ordinal":"2","NoteData":"2020-08-06","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"16213","Ordinal":"3","NoteData":"2020-08-10","Type":"Other","Title":"Modified"}]}}}