CVEs-PoC/2020/CVE-2020-16229.md

### [CVE-2020-16229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16229)
![](https://img.shields.io/static/v1?label=Product&message=Advantech%20WebAccess%20HMI%20Designer&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=ACCESS%20OF%20RESOURCE%20USING%20INCOMPATIBLE%20TYPE%20('TYPE%20CONFUSION')%20CWE-843&color=brighgreen)

### Description

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-16229