OTPulse

WECON LeviStudioU (Update A)

Priority: Plan Patch
CVSS: 8.8
Source: ICS-CERT ICSA-18-212-03
Published: Jul 31, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

WECON LeviStudioU versions 1.8.29 and 1.8.44 contain multiple buffer overflow and XML external entity injection vulnerabilities (CWE-121, CWE-122, CWE-787, CWE-611) that could allow an attacker to execute arbitrary code when a user opens a malicious project file. CVSS score is 8.8 (high). NCCIC advises minimizing network exposure, isolating control system networks behind firewalls, and using VPNs with current security patches for any required remote access.

What this means
What could happen
An attacker could execute arbitrary code on a device running LeviStudioU, potentially allowing them to modify control logic, alter process setpoints, or disrupt engineering workstations used to manage industrial equipment.
Who's at risk
Engineering teams and control system integrators using WECON LeviStudioU to develop and manage programmable logic controllers (PLCs) and industrial automation equipment. This affects anyone with an engineering workstation running the affected software versions.
How it could be exploited
An attacker must trick an engineering user into opening a malicious file or project in LeviStudioU. Once the file is opened, a buffer overflow or XML external entity injection vulnerability could allow the attacker to run arbitrary code with the privileges of the user running the application.
Prerequisites
  • User interaction required: the victim must open a malicious file or project in LeviStudioU
  • Network access to the engineering workstation (or ability to deliver a malicious file via email or removable media)
  • LeviStudioU version 1.8.29 or 1.8.44
Tags: user interaction required · remote code execution possible · buffer overflow vulnerability · XML injection vulnerability · no patch available for affected versions
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
LeviStudioU | 1.8.29, 1.8.44 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Train engineering staff not to open LeviStudioU project files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact WECON to determine if an updated version of LeviStudioU is available that addresses these vulnerabilities
Mitigations - no patch available
LeviStudioU has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate LeviStudioU workstations from the business network and Internet; restrict network access to approved engineering devices only
HARDENING: Disable or restrict remote access to LeviStudioU workstations; if remote access is required, use a VPN with current security updates