Rewterz Threat Advisory – ICS: Advantech WebAccess HMI Designer

Severity

High

Analysis Summary

CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution.

CVE-2021-33002

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code.

CVE-2021-33004

The affected product is vulnerable to memory corruption conditions due to a lack of proper validation of user-supplied files, which may allow an attacker to execute arbitrary code.

Impact

  • Unauthorized Access
  • Code Execution

Affected Vendors

Advantech

Affected Products

WebAccess HMI Designer Versions 2.1.9.95 and prior

Remediation

Refer to the vendor advisory for the complete list of affected products and their respective patches: https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01