03 August 2018
Critical vulnerabilities in WECON LeviStudioU
Critical vulnerabilities have been identified in WECON LeviStudioU. Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely.
LeviStudioU is used to develop HMI solutions for energy, critical manufacturing, and water and wastewater systems. The vulnerabilities affect versions 1.8.29 and 1.8.44.
The problems are caused by multiple stack-based (CVE-2018-10602) and heap-based (CVE-2018-10606) buffer overflow vulnerabilities. They can be exploited when the application processes specially crafted project files.
A CVSS v3 base score of 8.8 has been calculated for each of the above vulnerabilities.
Updating to the latest version of LeviStudioU may address some of the vulnerabilities.
Source: ICS-CERT
See also
- Critical vulnerability in Schneider Electric HMI configuration software (26 January 2021)
- Multiple vulnerabilities in Wecon PI Studio (10 October 2018)
- Buffer overflow vulnerabilities in AVEVA HMI solutions (24 July 2018)