OTPulse

WECON Technology Co., Ltd. LeviStudio HMI Editor

Monitor | CVSS 7.5 | ICS-CERT ICSA-17-285-02 | Oct 12, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

WECON LEVI Studio HMI Editor versions 1.8.1 and prior contain a buffer overflow vulnerability (CWE-121) that can be triggered by a remote attacker without authentication or user interaction. The vulnerability allows an attacker to cause a denial of service by crashing the application or system. LEVI Studio is used to configure and design HMI interfaces for manufacturing and process automation systems. No patch is currently available from the vendor.

What this means
What could happen
An attacker could cause a denial of service (system crash) on a workstation running LEVI Studio HMI Editor, disrupting HMI configuration and engineering activities.
Who's at risk
Manufacturing plants and process automation facilities that use WECON LEVI Studio HMI Editor to configure and maintain human-machine interface systems. Specifically affects engineering and control system personnel who operate HMI configuration workstations.
How it could be exploited
An attacker sends a malicious network packet to a workstation running vulnerable LEVI Studio HMI Editor software. The packet triggers a buffer overflow (CWE-121) that crashes the application or the entire system without requiring user interaction or authentication.
Prerequisites
  • Network access to the workstation running LEVI Studio HMI Editor
  • LEVI Studio HMI Editor version 1.8.1 or earlier installed and running
  • Exposure to an untrusted network or the internet (no network segmentation)
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects engineering workstations
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (1)
Product: LEVI Studio HMI Editor: v1.8.1 and prior
Affected Versions: ≤ 1.8.1
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate workstations running LEVI Studio HMI Editor from untrusted networks using firewall rules or network segmentation (e.g., place engineering workstations on a dedicated VLAN with restricted inbound access)
WORKAROUND: Disable unnecessary network services and disable any features in LEVI Studio HMI Editor that accept remote input if possible
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact WECON Technology to determine if a patch or workaround exists beyond what is documented; if no fix becomes available, evaluate alternative HMI editor software
WECON Technology Co., Ltd. LeviStudio HMI Editor | CVSS 7.5 - OTPulse