Wecon Technologies LEVI Studio HMI Editor
Plan Patch · 8.8 · ICS-CERT ICSA-17-103-01 · Apr 13, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
WECON LEVI Studio HMI Editor contains two buffer overflow vulnerabilities (CWE-122, CWE-121) that can be remotely exploited with low skill level. A remote attacker can send a specially crafted input or file that causes a buffer overflow, resulting in arbitrary code execution on the engineering workstation running the software. The vendor has indicated no fix will be released for any version of the product.
What this means
What could happen
An attacker could remotely run arbitrary code on engineering workstations running LEVI Studio, potentially allowing them to modify HMI configurations or insert malicious commands that affect plant operations through connected devices.
Who's at risk
Manufacturing facilities using WECON LEVI Studio HMI Editor on engineering workstations should be concerned. This affects anyone who uses the software to design or modify operator interfaces for industrial control systems, including water utilities and electric utilities that may use WECON equipment for SCADA or PLC configuration.
How it could be exploited
An attacker sends a malicious file or network packet to a user running LEVI Studio HMI Editor. The user interacts with the file or the software processes the data, triggering a buffer overflow (CWE-122/121) that allows the attacker to execute arbitrary code with the privileges of the engineering workstation.
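As an added illustration of the file-parsing failure mode described above (example code written for this page, not code from the advisory or from WECON, and not LEVI Studio's actual project format, which the advisory does not describe): a constructed length-prefixed record parser in the unchecked form that produces CWE-121/CWE-122 overflows, beside the hardened form that validates the length field against both the bytes actually present and the destination capacity before copying. The record layout, the function names and the sample bytes are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed record format (an assumption for illustration, not LEVI Studio's
 * real project format): a 4-byte little-endian length followed by that many
 * bytes of name text. The parser copies the name into a fixed-size buffer. */
#define NAME_CAP 32

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unsafe pattern behind CWE-121/CWE-122: the length comes from the file and is
 * trusted. A record whose length field exceeds NAME_CAP writes past the end of
 * `name`. Shown only as the "before"; nothing here feeds it such input. */
int parse_name_unchecked(const uint8_t *rec, char *name) {
    uint32_t len = rd_le32(rec);
    memcpy(name, rec + 4, len);   /* no check against NAME_CAP or record size */
    name[len] = '\0';
    return 0;
}

/* Hardened parser: every value derived from file content is checked against
 * the bytes actually available and the destination capacity before the copy.
 * Return codes: 0 ok, -1 header missing, -2 length exceeds file, -3 too long. */
int parse_name_checked(const uint8_t *rec, size_t reclen, char *name, size_t cap) {
    if (reclen < 4 || cap == 0) return -1;   /* header not present */
    uint32_t len = rd_le32(rec);
    if (len > reclen - 4) return -2;         /* claims more payload than the file has */
    if (len >= cap) return -3;               /* would not fit with the terminating NUL */
    memcpy(name, rec + 4, len);
    name[len] = '\0';
    return 0;
}

int main(void) {
    char name[NAME_CAP];
    /* Constructed well-formed record: length 5, payload "Pump1". */
    const uint8_t good[] = { 5, 0, 0, 0, 'P', 'u', 'm', 'p', '1' };
    /* Constructed malformed record: length field 0x1000 but only 3 payload bytes. */
    const uint8_t bad[]  = { 0x00, 0x10, 0, 0, 'A', 'B', 'C' };

    int rc = parse_name_checked(good, sizeof good, name, sizeof name);
    printf("good: rc=%d name=%s\n", rc, rc == 0 ? name : "(rejected)");
    rc = parse_name_checked(bad, sizeof bad, name, sizeof name);
    printf("bad:  rc=%d (rejected before any copy)\n", rc);
    return 0;
}
```

The hardened version rejects the record in the order the checks can fail without reading out of bounds: header presence first, then the declared length against the real record size, then against the destination. The same pattern applies to any field that a workstation tool reads from a project file and uses to size a copy or an allocation.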
Prerequisites
- Network access to the engineering workstation running LEVI Studio
- User interaction required (opening malicious project file or similar action)
- LEVI Studio HMI Editor software installed
remotely exploitable · low complexity · no patch available · user interaction required · buffer overflow vulnerability
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
LEVI Studio HMI Editor - * | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement strict file-sharing controls to prevent external or untrusted HMI project files from reaching engineering workstations
HARDENING: Train engineering staff to avoid opening HMI project files from untrusted sources
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Replace LEVI Studio HMI Editor with an alternative HMI engineering platform that receives active security updates
Mitigations - no patch available
LEVI Studio HMI Editor - * has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict LEVI Studio usage to isolated engineering workstations that do not have direct network access to production control systems
HARDENING: Implement network segmentation to isolate engineering workstations from internet-facing systems
CVEs (2)
API:
/api/v1/advisories/04800488-a052-4747-a0c1-f87953d14089