{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:33:08.387","vulnerabilities":[{"cve":{"id":"CVE-2020-16207","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2020-08-06T19:15:13.550","lastModified":"2024-11-21T05:06:56.237","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash."},{"lang":"es","value":"Advantech WebAccess HMI Designer, versiones 2.1.9.31 y anteriores. Múltiples vulnerabilidades de desbordamiento del búfer en la región heap de la memoria pueden ser explotadas al abrir archivos de proyecto especialmente diseñados que pueden desbordar la pila, lo que puede permitir una ejecución de código remota, divulgación y modificación de información o causar que la aplicación se bloquee"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:advantech:webaccess\\/hmi_designer:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.9.31","matchCriteriaId":"B10BE31F-862E-4C94-A25A-D8F86CE09C9F"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-950/","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-951/","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-955/","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-958/","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-959/","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-950/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-951/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-955/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-958/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-959/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}