SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-937686033] WECON Technology Co., Ltd. LeviStudio HMI Editor

Date: 2017-12-19
Type: Other
Platform: WECON Technology Co., Ltd. (WECON)
Author: Michael DePlante, working with Trend Micro’s Zero Day Initiative, reported the vulnerability to ICS-CERT.
EDB-ID: N/A
CVE-ID: CVE-2017-1671
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# WECON Technology Co., Ltd. LeviStudio HMI Editor
#


### VULNERABLE VENDOR
WECON Technology Co., Ltd. (WECON)


### VULNERABLE PRODUCT
LeviStudio HMI editor


### RESEARCHER
Michael DePlante, working with Trend Micro’s Zero Day Initiative, reported the vulnerability to ICS-CERT.


### AFFECTED PRODUCTS
All versions of LeviStudio HMI, an HMI editor, are affected.


### IMPACT
Successful exploitation of this vulnerability could cause the device that the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.


### VULNERABILITY OVERVIEW
HEAP-BASED BUFFER OVERFLOW CWE-122
A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVE-2017-16717 has been assigned to this vulnerability.
A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).


### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: China




### MITIGATION

WECON recommends that users update to the latest version, which can be found at the following location:

http://www.we-con.com.cn/en/download.aspx?id=45