10 October 2018

Multiple vulnerabilities in Wecon PI Studio

Multiple vulnerabilities, two of which are critical, have been identified in PI Studio, an HMI solution by WECON Technology. Successful exploitation of these vulnerabilities could allow remote code execution or disclosure of sensitive information, including in the context of an administrator. The issue affects PI Studio HMI (versions 4.1.9 and prior) and PI Studio (versions 4.2.34 and prior).

The most severe of the vulnerabilities are a stack-based buffer overflow (CVE-2018-14818) and an out-of-bounds write (CVE-2018-14810). These vulnerabilities have been assigned CVSS v3 base scores of 9.8 and 8.8, respectively. Both could allow remote code execution. In the case of CVE-2018-14810, code could be executed in the context of an administrator.

One more security flaw (CVE-2018-17889) is due to WECON PI Studio incorporating an XML parser that is vulnerable to XXE (XML eXternal Entity) attacks. This could allow attackers to gain access to sensitive information.
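The usual mitigation for this class of flaw is to parse untrusted XML with a parser configured to refuse DTDs and external entities altogether. The following is an added illustration of that hardening, not code from WECON or ICS-CERT, and it says nothing about how PI Studio's parser is actually implemented; it assumes only Python's standard expat binding. Any document carrying a DOCTYPE, an entity declaration or an external entity reference is rejected before an entity could be resolved, while plain documents parse normally.

```python
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when a document uses DTD features that enable XXE."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML from an untrusted source and return element counts.

    Any DOCTYPE, entity declaration or external entity reference aborts
    parsing with UnsafeXMLError, so a SYSTEM entity pointing at a local
    file or a remote URL can never be fetched or expanded.
    """
    parser = expat.ParserCreate()
    # Never load external parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.buffer_text = True

    counts: dict = {}

    def on_start(name, attrs):
        counts[name] = counts.get(name, 0) + 1

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Strictest policy: untrusted input has no business declaring a DTD.
        raise UnsafeXMLError(f"DOCTYPE refused: {doctype_name!r}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Defence in depth in case the DOCTYPE check is ever relaxed.
        raise UnsafeXMLError(f"entity declaration refused: {name!r}")

    def on_external_ref(context, base, system_id, public_id):
        # Returning 0 would make expat stop; raising makes the cause explicit.
        raise UnsafeXMLError(f"external entity reference refused: {system_id!r}")

    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.Parse(data, True)
    return counts


def is_rejected(data: bytes) -> bool:
    """True if the hardened parser refuses the document as unsafe."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed sample inputs: a harmless project file and a classic XXE probe
# (the file path is a placeholder; nothing is ever read because the DOCTYPE
# is refused before any entity is declared or resolved).
SAFE_DOC = b"<project><screen/><screen/></project>"
XXE_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE project [<!ENTITY leak SYSTEM "file:///placeholder/secret.txt">]>'
    b"<project>&leak;</project>"
)

if __name__ == "__main__":
    print("safe document:", parse_untrusted_xml(SAFE_DOC))
    print("XXE document rejected:", is_rejected(XXE_DOC))
```

Rejecting the DOCTYPE outright is the same policy libraries such as defusedxml apply by default; the separate entity and external-reference handlers only matter if an application must accept an internal DTD subset for legitimate reasons, in which case they still stop the one feature that turns a parser into a file reader.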

In addition, PI Studio lacks proper validation of user-supplied data, which could result in a read past the end of an allocated object (CVE-2018-14814).

The vendor is currently working on fixes for the above vulnerabilities.

Source: ICS-CERT