OTPulse
FeedAboutContact

WECON PLC Editor

Monitor6.3ICS-CERT ICSA-18-261-01Sep 18, 2018
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

WECON PLC Editor contains a buffer overflow vulnerability (CWE-121) that could allow unauthorized code execution within the application process. The vulnerability is triggered through user interaction with malicious files. WECON has verified the issue but has not released a patch.

What this means
What could happen
An attacker could execute arbitrary code on a workstation running PLC Editor, potentially allowing them to modify PLC logic, steal engineering data, or compromise other systems on the network. This could disrupt manufacturing operations or enable further attacks on control systems.
Who's at risk
Manufacturing facilities and system integrators who use WECON PLC Editor for programming and maintaining WECON PLCs. This affects engineering workstations and offline programming environments, particularly those where engineers regularly open files from external sources or collaborators.
How it could be exploited
An attacker crafts a malicious project file and tricks an operator or engineer into opening it with PLC Editor. When the file is loaded, the buffer overflow is triggered, allowing the attacker to execute code with the permissions of the person running the application.
Prerequisites
  • User must open a malicious project file in PLC Editor
  • The user must be socially engineered or misled into opening an untrusted file
  • PLC Editor version 1.3.3U must be installed
Buffer overflow vulnerabilityUser interaction required (file opening)No patch availableSocial engineering vector
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
PLC Editor: 1.3.3U1.3.3UNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/3
WORKAROUNDDo not open untrusted project files in PLC Editor; only interact with files from known and trusted sources
HARDENINGRun PLC Editor on isolated workstations not connected to the corporate network or control system network when working with files from external sources
HARDENINGEducate engineering staff on social engineering and phishing attacks, particularly those that may distribute malicious project files
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor for updates from WECON and apply any future patch releases as soon as they become available and can be tested
Mitigations - no patch available
0/1
PLC Editor: 1.3.3U has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGSegment the engineering network from operational control networks using firewalls
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/b4ddfc86-ddcf-40a7-a941-78f477b3be62
WECON PLC Editor | CVSS 6.3 - OTPulse