Wecon Mitigates HMI Editor Holes

Friday, April 14, 2017 @ 04:04 PM gHale


Wecon Technologies released new software to mitigate a heap-based buffer overflow and a stack-based buffer overflow vulnerability in its LEVI Studio HMI Editor, according to a report with ICS-CERT.

All versions of LEVI Studio HMI Editor suffer from the remotely exploitable vulnerabilities, which were discovered by Andrea (rgod) Micalizzi, working with iDefense Labs.

Successful exploitation of these vulnerabilities could cause the device to become unresponsive; a buffer overflow condition may allow remote code execution.

This product sees use mainly in the critical manufacturing sector. It sees action on a global basis.

One vulnerability causes a heap-based buffer overflow when the system runs a maliciously crafted project file.

CVE-2017-6037 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

A second vulnerability causes a stack-based buffer overflow, which could result in denial of service when a malicious project file is run on the system.

CVE-2017-6035 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level would be able to exploit them.

Fuzhou, Fujian, China-based Wecon Technologies recommends affected users upgrade to Version 1.8.1 of the software.


