WECON Technology Co., Ltd. (WECON) has an update available to mitigate a stack-based buffer overflow in its LeviStudio HMI Editor, according to a report from ICS-CERT.
LEVI Studio HMI Editor, an HMI programming software product, suffers in v1.8.1 and prior from the remotely exploitable vulnerability, which was discovered by Andrea “rgod” Micalizzi, working with iDefense Labs.
Successful exploitation of these vulnerabilities may result in denial of service and arbitrary code execution.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerability.
Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; an attacker may then be able to crash the application or run arbitrary code.
CVE-2017-13999 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 7.5.
The product sees action in the critical manufacturing, energy, water and wastewater systems sectors. It also sees use on a global basis.
The update to v1.8.2 from Fuzhou, Fujian, P.R. China-based WECON is available for download.