• Main
  • Publications
  • News
  • Critical vulnerabilities in WECON LeviStudioU
  • Critical vulnerabilities in WECON LeviStudioU

03 August 2018

Critical vulnerabilities in WECON LeviStudioU

Critical vulnerabilities have been identified in WECON LeviStudioU. Successful exploitation of these vulnerabilities could allow an attacker to execute remote code.

LeviStudioU is used to develop HMI-solutions in energy, critical manufacturing, water and wastewater systems. The vulnerabilities affect the following versions: 1.8.29 and 1.8.44.

The problems are caused by the multiple stack-based (CVE-2018-10602) and heap-based (CVE-2018-10606) buffer overflow vulnerabilities. They can be exploited when the application processes specially crafted project files.

A CVSS v.3 base score of 8.8 has been calculated for each of the above vulnerabilities.

Updating to the latest version of LeviStudioU may address some of the vulnerabilities.

Source: ICS-CERT

HMI
LeviStudioU
Wecon

See also

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.