WECON Technology Co., Ltd. LeviStudio HMI Editor

Monitor5.3ICS-CERT ICSA-18-011-01Jan 11, 2018

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

WECON LEVI Studio HMI Editor versions 1.8.29 and earlier contain buffer overflow vulnerabilities (CWE-121, CWE-122) in memory handling code. A local attacker with user privileges who can interact with the application can trigger memory corruption, potentially causing application crash or code execution.

What this means

What could happen

A local attacker with user privileges on a machine running LEVI Studio HMI Editor can cause a buffer overflow that leads to memory corruption, potentially crashing the application or executing arbitrary code on the workstation.

Who's at risk

HMI (human-machine interface) engineers and operators at manufacturing facilities who use WECON LEVI Studio to develop or edit control interface software. This affects anyone maintaining or creating HMI screens for WECON-based control systems in factories and process plants.

How it could be exploited

An attacker would need local access to a workstation running LEVI Studio and would need to interact with the application via a malicious input or file that triggers a buffer overflow in the memory handling code (CWE-121/122). Since this is not network-remotely exploitable, the attacker needs either physical access to an engineering workstation or compromised user-level access to that machine.

Prerequisites

Local user access to a workstation running LEVI Studio HMI Editor v1.8.29 or earlier
User interaction required (opening a file or providing input to trigger the vulnerability)

No patch availableBuffer overflow vulnerability (CWE-121/122)Requires local access and user interactionAffects engineering workstations which may have sensitive HMI configuration data

Exploitability

Moderate exploit probability (EPSS 1.1%)

Affected products (1)

ProductAffected VersionsFix Status

LEVI Studio HMI Editor: v1.8.29 and prior≤ 1.8.29No fix (EOL)

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGIsolate HMI development workstations from the operational network and the Internet using network segmentation or air-gapped configuration

HARDENINGDo not expose LEVI Studio workstations to untrusted networks; if remote access is required, use VPN with strong authentication and encryption

WORKAROUNDMonitor and restrict the use of removable media (USB drives, external storage) on LEVI Studio workstations to prevent introduction of malicious files

Mitigations - no patch available

0/1

LEVI Studio HMI Editor: v1.8.29 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGRestrict physical access and remote login to engineering workstations running LEVI Studio HMI Editor; limit who can log in locally

CVEs (2)

CVE-2017-16739 CVE-2017-16737

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2659822f-b6e6-4c2c-9a27-f433d44e4376