WECON Technology Co., Ltd. LeviStudio HMI Editor

Monitor7.3ICS-CERT ICSA-17-353-05Dec 19, 2017

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

WECON LeviStudio HMI Editor contains a vulnerability in its project file parsing that allows remote code execution through a malformed project file. When an administrator opens a specially crafted project file in the HMI Editor, arbitrary code execution is possible due to improper input validation. All versions of the software are affected.

What this means

What could happen

An attacker could gain remote code execution on the engineering workstation running LeviStudio, potentially allowing them to modify HMI configurations, manipulate control logic displayed to operators, or compromise the integrity of industrial process automation projects before deployment to production systems.

Who's at risk

Manufacturing facilities using WECON LeviStudio HMI Editor for programming and configuration of human-machine interface systems. Specifically impacts engineering and administrative staff who create, modify, and test HMI projects before deployment to production PLCs and control systems.

How it could be exploited

An attacker sends a malformed LeviStudio project file (typically via email or shared network location) to an HMI engineer or administrator. When the victim opens the file in LeviStudio HMI Editor, the application fails to properly validate the file structure and executes embedded malicious code with the privileges of the logged-in user. The attacker gains code execution on the engineering workstation.

Prerequisites

Valid LeviStudio HMI Editor installation
User with access to open project files (typically engineering/administrative staff)
File delivery mechanism (email, shared drive, USB, etc.)

remotely exploitableno authentication requiredlow complexityno patch availableaffects engineering/configuration systems

Exploitability

Moderate exploit probability (EPSS 1.2%)

Affected products (1)

ProductAffected VersionsFix Status

LeviStudio HMI editor: all versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGIsolate LeviStudio HMI Editor workstations on a separate engineering network segment with strict ingress/egress filtering to limit file transfer sources

HARDENINGRestrict file sharing and project file transfers to only trusted, verified sources and implement file integrity checking before opening project files

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGTrain engineering staff to verify the source and integrity of project files before opening them in LeviStudio

Mitigations - no patch available

0/2

LeviStudio HMI editor: all versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGMonitor for suspicious activity on engineering workstations, including unexpected process execution or file modifications during project file opening

HARDENINGEvaluate replacement of LeviStudio HMI Editor with actively maintained HMI software that receives security updates

CVEs (1)

CVE-2017-16717

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4571f5f1-a436-4736-8445-2319df0b598b