The latest version of WECON Technology Co., Ltd.’s LeviStudioU should mitigate stack-based and heap-based buffer overflow vulnerabilities, according to a report with NCCIC.

Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely.

LeviStudioU versions 1.8.29 and 1.8.44 suffer from the remotely exploitable vulnerabilities, according to the Zero Day Initiative (ZDI).

NSFOCUS security team and Ghirmay Desta worked with Mat Powell of Trend Micro’s Zero Day Initiative to report these vulnerabilities to NCCIC.

In the first issue, multiple stack-based buffer overflows can be exploited when the application processes specially crafted project files.

CVE-2018-10602 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

In addition, multiple heap-based buffer overflows can be exploited when the application processes specially crafted project files.

CVE-2018-10606 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

The product is used mainly in the critical manufacturing, energy, and water and wastewater systems sectors, and it is deployed on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could leverage the vulnerabilities.

Updating to the latest version of China-based WECON’s LeviStudioU may address some of the vulnerabilities.
