WECON Technology Co., Ltd. (WECON) is working on an update to fix multiple vulnerabilities in its PI Studio, according to a report from NCCIC.
The vulnerabilities include a stack-based buffer overflow, out-of-bounds write, information exposure through XML external entity reference and an out-of-bounds read.
Successful exploitation of these vulnerabilities, discovered by Mat Powell of Trend Micro’s Zero Day Initiative (ZDI) and Natnael Samson (Natti) working with ZDI, may allow remote code execution, code execution in the context of an administrator, a read past the end of an allocated object, or disclosure of sensitive information in the context of an administrator.
The following versions of PI Studio, an HMI project programming tool, suffer from the remotely exploitable vulnerabilities:
• PI Studio HMI: Versions 4.1.9 and prior
• PI Studio: Versions 4.2.34 and prior
A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVE-2018-14818 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
In addition, the affected product parses files and passes unvalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator.
CVE-2018-14810 is the case number assigned to this vulnerability.
Also, when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to an XML external entity (XXE) injection attack, which may allow sensitive information disclosure.
CVE-2018-17889 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.
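As an added illustration (example code, not WECON's or ZDI's), the following Python script shows the class of bug described above: a project-file loader that resolves external general entities will read whatever local file an attacker-supplied DTD points at, while a loader that refuses DTDs outright and leaves external entity resolution switched off does not. The project element names, the "secret" file and the path to it are constructed for the example; PI Studio's own parser is not written in Python and its real project format is not shown here.

```python
"""
Added example, not WECON's code: XML external entity (XXE) injection through an
HMI project file, and the checks that stop it.  Element names, the secret file
and the on-disk layout are assumptions made for illustration only.
"""
import io
import os
import re
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class _TextCollector(ContentHandler):
    """Collects character data so we can see what the parser actually expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def make_malicious_project(secret_path):
    """Constructed sample: a project file whose internal DTD declares an external
    entity pointing at a local file and then references it in element content."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE project [\n'
        f'  <!ENTITY xxe SYSTEM "{secret_path}">\n'
        ']>\n'
        '<project name="pump-station"><note>&xxe;</note></project>\n'
    ).encode()


def load_project_vulnerable(data):
    """Loader that resolves external general entities, the XXE-prone configuration.
    With this feature on, the parser opens the SYSTEM path and splices the file
    contents into the document as if they were ordinary text."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, True)   # the unsafe setting
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return "".join(handler.parts)


# A project file has no legitimate need for a DTD, so any DOCTYPE is rejected
# before the XML parser ever sees the bytes.
_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


def load_project_hardened(data):
    """Loader that refuses any DTD up front and keeps external entities disabled."""
    if _DOCTYPE_RE.search(data):
        raise ValueError("project file contains a DOCTYPE; DTDs are not allowed")
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # defence in depth
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return "".join(handler.parts)


def demo():
    """Writes a throw-away 'secret' file, feeds the same malicious project file to
    both loaders, and returns (leaked text, hardened loader rejected it, hardened
    loader's output on a benign project)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("password=hunter2")          # constructed sample secret
        data = make_malicious_project(secret)
        leaked = load_project_vulnerable(data)
        try:
            load_project_hardened(data)
            blocked = False
        except ValueError:
            blocked = True
    benign = b'<?xml version="1.0"?><project name="pump-station"><note>ok</note></project>'
    return leaked, blocked, load_project_hardened(benign)


if __name__ == "__main__":
    leaked, blocked, benign_text = demo()
    print("vulnerable loader expanded:", repr(leaked))
    print("hardened loader rejected DOCTYPE:", blocked)
    print("hardened loader on benign file:", repr(benign_text))
```

The DOCTYPE check is the one that matters in practice: rejecting the DTD blocks external general entities, parameter entities and entity-expansion denial of service in a single step, regardless of which parser features a given XML library exposes or defaults to. Leaving external entity resolution disabled on the parser is a second, independent line of defence for the case where a DTD does get through.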
In addition, the affected product lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object.
CVE-2018-14814 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.
The product sees use in the critical manufacturing, energy, and water and wastewater systems sectors, and is deployed worldwide.
No known public exploits specifically target these vulnerabilities. An attacker with a low skill level could leverage the vulnerabilities.
China-based WECON has verified the vulnerabilities but has not yet released an updated version.