WECON Software Fixes HMI Issue

Tuesday, December 19, 2017 @ 04:12 PM gHale

WECON Technology Co., Ltd. released new software to mitigate a heap-based buffer overflow in its LeviStudio HMI, according to a report from ICS-CERT.

All versions of LeviStudio HMI suffer from the remotely exploitable vulnerability, which was discovered by Michael DePlante, working with Trend Micro’s Zero Day Initiative.

Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2017-16717 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use mainly in the critical manufacturing, energy, and water and wastewater systems sectors. It is also deployed on a global basis.

China-based WECON recommends users update to the latest version.
