РУ
Home / News / Critical vulnerabilities in WECON LeviStudioU

Critical vulnerabilities in WECON LeviStudioU

Critical vulnerabilities have been identified in WECON LeviStudioU. Successful exploitation of these vulnerabilities could allow an attacker to execute remote code.

LeviStudioU is used to develop HMI-solutions in energy, critical manufacturing, water and wastewater systems. The vulnerabilities affect the following versions: 1.8.29 and 1.8.44.

The problems are caused by the multiple stack-based (CVE-2018-10602) and heap-based (CVE-2018-10606) buffer overflow vulnerabilities. They can be exploited when the application processes specially crafted project files.

A CVSS v.3 base score of 8.8 has been calculated for each of the above vulnerabilities.

Updating to the latest version of LeviStudioU may address some of the vulnerabilities.

Source: ICS-CERT

News

More critical vulnerabilities identified in OPC protocol implementations

04 March 2021

Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gateways

09 February 2021

Getting back on Treck: more vulnerabilities in the infamous TCP/IP Stack

05 February 2021
Reports

Lazarus targets defense industry with ThreatNeedle

25 February 2021

SunBurst industrial victims

26 January 2021

ICS threat predictions for 2021

02 December 2020
Alerts

Targeted attacks on industrial companies using Snake ransomware (updated)

17 June 2020

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.