WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer
Monitor5.9ICS-CERT ICSA-18-116-02Apr 26, 2018
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
WECON LeviStudio U (version 1.8.29 and earlier) and PI Studio HMI Project Programmer (build November 11, 2017 and earlier) contain a buffer overflow vulnerability (CWE-121) that could allow local code execution. Exploitation requires local access to an engineering workstation. No known public exploits exist, and the vulnerability is not remotely exploitable. The latest version of LeviStudio U (build 20180420 or later) is available for download. PI Studio has no known fix.
What this means
What could happen
An attacker with local access to a workstation running LeviStudio or PI Studio could execute arbitrary code, potentially allowing them to modify HMI projects or plant configurations that control manufacturing processes.
Who's at risk
Manufacturing facilities using WECON LeviStudio U or PI Studio HMI editors should prioritize this update. These tools are typically used by control engineers to design and modify the human-machine interfaces and logic for PLCs and other automation equipment. If an attacker gains local access to an engineering workstation, they could alter these configurations to cause process disruptions, parameter changes, or unsafe equipment operation.
How it could be exploited
An attacker must gain local access to an engineering workstation running the vulnerable HMI editor software. Once on the machine, they can exploit a buffer overflow (CWE-121) in the application to run arbitrary code with the privileges of the logged-in user, which is typically an engineer with access to control system configurations.
Prerequisites
- Local access to a workstation running LeviStudio U version 1.8.29 or earlier, or PI Studio with build date of November 11, 2017 or earlier
- User privilege level sufficient to run the HMI editor application
no authentication required for local exploitationlow complexityno patch available for PI Studiobuffer overflow vulnerabilityaffects engineering workstations with access to critical control configurations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
1 pending1 EOL
ProductAffected VersionsFix Status
LeviStudioU:≤ 1.8.29No fix yet
PI Studio HMI Project Programmer Build: November 11 2017 and prior≤ November 11, 2017No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1HARDENINGRestrict local workstation access: Implement physical access controls and account authentication to limit who can log into engineering workstations
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXDownload and install the latest version of LeviStudio U (build 20180420 or later) from the WECON vendor site
WORKAROUNDDisable or remove PI Studio if it is no longer in use and cannot be updated
Mitigations - no patch available
0/1PI Studio HMI Project Programmer Build: November 11 2017 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIsolate engineering workstations from the business network using firewalls and network segmentation to prevent lateral movement from compromised business systems
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/d16a63d4-ed1e-4e0e-ae2d-f4c3227c45ec