SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-662394211] Wecon Technologies LEVI Studio HMI Editor

Date: 2017-04-13
Type: Other
Platform: Wecon Technologies
Author: Andrea (rgod) Micalizzi, working with iDefense Labs, reported these vulnerabilities.
EDB-ID: N/A
CVE-ID: CVE-2017-6037, CVE-2017-6035
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Wecon Technologies LEVI Studio HMI Editor
#


### VULNERABLE VENDOR
Wecon Technologies


### VULNERABLE PRODUCT
LEVI Studio HMI Editor



### RESEARCHER
Andrea (rgod) Micalizzi, working with iDefense Labs, reported these vulnerabilities.



### AFFECTED PRODUCTS

The following versions of LEVI Studio HMI Editor, an HMI programming software package, are affected:

LEVI Studio HMI Editor, all versions.



### IMPACT

Successful exploitation of these vulnerabilities could cause the device to become unresponsive; a buffer overflow condition may allow remote code execution.



### VULNERABILITY OVERVIEW

HEAP-BASED BUFFER OVERFLOW CWE-122
This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system.
CVE-2017-6037 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).


STACK-BASED BUFFER OVERFLOW CWE-121
This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system.
CVE-2017-6035 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sector(s): Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Fuzhou, Fujian, China




### MITIGATION

Wecon Technologies recommends that affected users upgrade to Version 1.8.1 of the software, which can be downloaded from:

http://www.we-con.com.cn/en/download/softwares/levi-series-hmi/