SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-882073658] WECON Technology Co., Ltd. LeviStudio HMI Editor

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2018-01-11 | Other | WECON Technology Co., Ltd. (WECON) | Sergey Zelenyuk of RVRT, HanM0u of CloverSec Labs working with Trend Micro's Zero Day Initiative, and Brian Gorenc of Trend Micr | N/A | CVE-2017-1673 CVE-2017-1673 | N/A | N/A | N/A |

Source

#
# WECON Technology Co., Ltd. LeviStudio HMI Editor
#


### VULNERABLE VENDOR
WECON Technology Co., Ltd. (WECON)


### VULNERABLE PRODUCT
LeviStudio HMI Editor 


### RESEARCHER
Sergey Zelenyuk of RVRT, HanM0u of CloverSec Labs working with Trend Micro's Zero Day Initiative, and Brian Gorenc of Trend Micro's Zero Day Initiative reported the vulnerabilities to ICS-CERT.


### AFFECTED PRODUCTS
The following versions of LEVI Studio HMI Editor, an HMI programming software product, are affected:

LEVI Studio HMI Editor v1.8.29 and prior


### IMPACT
Successful exploitation of these vulnerabilities may result in arbitrary code execution.


### VULNERABILITY OVERVIEW
STACK-BASED BUFFER OVERFLOW CWE-121
Specially crafted malicious files may be able to cause stack-based buffer overflows, which may allow remote code execution.
CVE-2017-16739 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).


HEAP-BASED BUFFER OVERFLOW CWE-122
A specially crafted malicious file may be able to cause a heap-based buffer overflow when opened by a user.
CVE-2017-16737 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems.
Countries/Areas Deployed: Worldwide
Company Headquarters Location: China




### MITIGATION

WECON recommends that users update to the latest version, which can be found at the following location:

http://www.we-con.com.cn/en/download.aspx?id=45