WECON LeviStudioU (Update A)
Monitor · CVSS 7.8 · ICS-CERT ICSA-19-036-03 · Feb 5, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
LeviStudioU versions 1.8.69 and earlier contain buffer overflow vulnerabilities (CWE-122, CWE-121, CWE-119) that could allow arbitrary code execution. WECON released Version 1.8.69 to address vulnerabilities in Version 1.8.56, but exploits remain successful against the updated version. The vulnerabilities require local access and user interaction; they are not remotely exploitable. Future updates will be published by WECON.
What this means
What could happen
An attacker with local access to a system running LeviStudioU could execute arbitrary code with the privileges of the application, potentially allowing them to modify PLC configurations, alter industrial process parameters, or disrupt control system operations.
Who's at risk
Engineering and control system operators at water authorities, electric utilities, and other industrial facilities that use WECON LeviStudioU for PLC programming and configuration on engineering workstations. This primarily affects the software development and maintenance stage rather than runtime PLCs, but compromised configuration files could be deployed to live systems.
How it could be exploited
An attacker must have local access to a machine running LeviStudioU. The vulnerability is triggered through a local vector (buffer overflow or similar memory corruption), likely requiring user interaction to run a malicious file or open a crafted document. Once exploited, the attacker gains code execution in the context of the application.
Prerequisites
- Local access to a workstation or engineering station running LeviStudioU
- User interaction required (opening or running a file)
- LeviStudioU version 1.8.69 or earlier
- Buffer overflow vulnerability (CWE-122, CWE-121, CWE-119)
- Requires user interaction
- No patch currently available
- CVSS 7.8 (high severity)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
LeviStudioU | ≤ 1.8.69 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict local access to engineering workstations running LeviStudioU to authorized personnel only
- HARDENING: Train staff to avoid opening unsolicited email attachments or files from untrusted sources on engineering workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Monitor WECON website (http://www.we-con.com.cn/en/download_45.html) and WECON customer support for future software updates that address these vulnerabilities
- HARDENING: Implement network segmentation to isolate LeviStudioU systems and connected PLCs from the business network and Internet